Report - slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

Report Overview

Submitted URL
slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
IP
172.67.134.39
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-02 17:00:06
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.165.201.80
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	108.156.28.39
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	30 kB	69.16.175.42
propeller-tracking.com	187053	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	742 B	73 kB	139.45.197.240
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
slotbusterscasino.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.4 kB	1.1 MB	104.21.6.14
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	973 B	1.9 kB	139.45.195.8
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.1 kB	139.45.197.236
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.35.167.249
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	64 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-02	medium	slotbusterscasino.com/ca/aweber/lp1/main_script.js	Phishing
2022-10-02	medium	slotbusterscasino.com/ca/aweber/lp1/coin.mp3	Phishing
2022-10-02	medium	slotbusterscasino.com/ca/aweber/lp1/sound.mp3	Phishing
2022-10-02	medium	slotbusterscasino.com/ca/aweber/lp1/coin.mp3	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-02	medium	unphionetor.com	Sinkholed
2022-10-02	medium	unphionetor.com	Sinkholed
2022-10-02	medium	unphionetor.com	Sinkholed

JavaScript (16)

	URL	Size	First Seen	Last Seen
	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	136 B	2023-03-07	2024-04-26
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2024-04-26 22:21:47 Times Seen537 Hash 96e82ebcc1bba26e17346488fdd431b1 24626aa3c03c14ff2fe20e52694acadbfca5ddba bb30099f988a6c87efcfbe186ff09863e87a3e1f5437e9ab9e224a7e934876cc Loading...

	propeller-tracking.com/fv.js?t=90679	5.2 kB	2023-03-07	2024-05-04
Pretty URL propeller-tracking.com/fv.js?t=90679 IP 139.45.197.240 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-05-04 18:25:50 Times Seen2373 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	217 B	2023-03-07	2024-01-29
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:45 Last Seen2024-01-29 08:56:02 Times Seen56 Hash 1d338c13f32b61333cf344c9eedcd1f6 c58f9bc7181b434e993f7079012570667b2d26af ae3db5650b897b106fe7087a1d289826a64598dae8f09b13293911d89b4ab50d Loading...

	slotbusterscasino.com/ca/aweber/lp1/main_script.js	983 B	2023-03-07	2024-02-14
Pretty URL slotbusterscasino.com/ca/aweber/lp1/main_script.js IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:45 Last Seen2024-02-14 06:42:20 Times Seen130 Hash 9c3c9de7d40ed71e7e17556942cd36db 61d71a716c450c5ad5d531484bd932ee7c7b6d50 cd25c2c5b537c59ac6bf2dce9be80989fedb66fb2606dd2d923d8c7b6133f8f1 Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	353 B	2023-03-07	2023-04-01
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:29 Last Seen2023-04-01 11:10:20 Times Seen7 Hash 3937c968d165cb4264e19180bd5b9d07 72ed457f36e943c07e4413d4f080938d4df88c64 579fa000e706067d472e839e52e8b2447dddb8559685e3b44e74d4be1df94632 Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	525 B	2023-03-07	2024-01-29
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:45 Last Seen2024-01-29 08:56:02 Times Seen34 Hash 6ed4ec1451609345a8beded81936eb26 fdb02d471a0bae8af2cc0a8edf1fca8610df8b52 561de4e6cfbcdc1bb8f94e5a0a6e5b9fa1e796765d8fd9b9018f8d2e267f7a47 Loading...

	code.jquery.com/jquery-2.2.4.min.js	86 kB	2023-03-07	2024-05-09
Pretty URL code.jquery.com/jquery-2.2.4.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-09 00:56:30 Times Seen389802 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	88 B	2023-03-07	2024-04-26
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-26 22:21:47 Times Seen381 Hash ed6cf71315499a6827f20b3e13d312ad 71b272cdddcacc233e31d69df4ed7c38ba05a3d3 06bac6943b40cf25de3797e62a98c681ee26f658ef18871adb9c338d4f8c5e7c Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	579 B	2023-03-07	2024-01-01
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:45 Last Seen2024-01-01 06:57:43 Times Seen19 Hash 29e90b3ea02bb851461d8c8943f2fa91 02c8695acfdb082779d40642fe3e7b6211f0ea25 182e39a9242d6ea5e36a2855c83e6e3e7f5d946e3b329fbc929d94056c887c52 Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	339 B	2023-03-07	2023-04-01
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:29 Last Seen2023-04-01 11:10:20 Times Seen7 Hash 6836a819dfeeae8840942ac1b7e9dbe2 b3dc9c23f821323736ecfea33d977fb2afccb0b6 ccf55810179d51358af9ba12e2bb5ebe79eddd3701fd2d4d64612c0a91b191a7 Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	81 B	2023-03-07	2024-04-26
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-26 22:21:47 Times Seen382 Hash c0211a10e5bdf9d68c40a31c758e1771 a1ba4ba2803ccf705fabf143a7422c5da5c67477 e1d462e0028d01b1829fdd49d99c692bcc9189772959390bb18054f14deda85e Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655	79 B	2023-03-07	2024-04-26
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 IP 104.21.6.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-26 22:21:47 Times Seen380 Hash 330cb3e23d95121bd55d849997798301 ac065eea17a1fe8f68bf72a5645acdffab3105b5 02edff9349933e1f564c6cad886e0eed218cf96d3b43a390735e2e6084bbc22c Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847	697 B	2023-03-07	2024-04-26
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-26 22:21:48 Times Seen607 Hash 1d1522de413d0b27a43e7be4efeb0405 58c52eec6da93a26b374308e6189b8af139624f7 d9b7a5a22d87f08fbcb41ab49b3494cf35afa659a2b143800bfab1c62b07b193 Loading...

	bigrourg.net/pfe/current/micro.tag.min.js?z=4470108&sw=/sw-check-permissions-caf4e.js	108 kB	2023-03-08	2023-03-08
Pretty URL bigrourg.net/pfe/current/micro.tag.min.js?z=4470108&sw=/sw-check-permissions-caf4e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:32:21 Last Seen2023-03-08 13:26:11 Times Seen1 Hash 07a6012bf43f2fc7873f24030704344f 0aaf880b1263be21be1bbce8d6e8955448f77a90 e9673bb923b87987ee656a0c35f39522a5a7161433b8ed236ade3a6f75c304fe Loading...

	slotbusterscasino.com/ca/aweber/lp1/index.html	103 B	2023-03-08	2023-03-08
Pretty URL slotbusterscasino.com/ca/aweber/lp1/index.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:41:21 Last Seen2023-03-08 04:41:21 Times Seen1 Hash 27d65e4a53971f14ff730bcbdc98d836 e94187f857f3073eecbf2f96484eda1b1a308323 de98c669d1f6f768523eba39d035a3f1596937a1d46718c716c50698b4646f3a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 3dba768273a5a0eed3c303f470a1869c	80 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 04:41:21 Last Seen2023-03-08 04:41:21 Times Seen1 Hash 3dba768273a5a0eed3c303f470a1869c 9fd01ee42ff6fb7c75a4f5f789fe90bb9369ae5c 344dd1c47b0c68eb8ac3a4f626292956353d820b36aabdabf0096adbf2ab91b4 Loading...

HTTP Transactions (43)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

18.165.201.80

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.80:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 16:03:11 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0f9abff0779787e38b3d83ae17ff6224.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ghD3C91GkN7ITVqNCul_V6hVTLWkVOFBMp0JtFs9MEI7xhjbf5ce0Q==
Age: 3403

slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

104.21.6.14

200 OK

2.7 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.7 kB (2652 bytes)
Hash
7ab42dc14a23ebdb033db47e49266f31
292b98dcaa3d8e358aa28d66d88997b5cd7f511d
79ef5d5a5d891ab809aa9f44878c9ceee47b8b8cd7953210dd61693c67ddd8ee

HTTP Headers

GET /ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 17:04:12 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6b7LVzwD6h0HLSUasy3f8Hgkn4qG%2BUp6%2BnMPGx1uVjWVQI3Cb8vhQFm3kT%2Fd485S2vvaKlSZFOPAs55MwYXD7VYDPzWrpEf%2FZsCvInJUN5HRqla%2F%2FLUC7WsE%2BKr%2BcHXUBG8%2B5OC868%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc3dccfb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sun, 02 Oct 2022 18:07:01 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

108.156.28.39

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
108.156.28.39:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 59970c86d3717db509a968eaad0da4de.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: G563eneqzxCbYFb_OTXF0wPTxHv12ykxH5wgi3fF89ZwEnUvQlJEBQ==
age: 48399
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
2f2d0eeb9fd56864efa2934c3a805932
e7160d8ac9cb818ae5eb7c86b177e450055dab0e
29a31d01596e3e290b64ddcc30473ebdf880d9b2291cfe054264b3556445b0e7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 20:32:15 GMT
Expires: Sat, 08 Oct 2022 20:32:14 GMT
Etag: "e7160d8ac9cb818ae5eb7c86b177e450055dab0e"
Cache-Control: max-age=530538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc67ce9b505-OSL

code.jquery.com/jquery-2.2.4.min.js

69.16.175.42

200 OK

30 kB

URL HTTP/2
code.jquery.com/jquery-2.2.4.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32065)
Size
30 kB (29811 bytes)
Hash
82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215

HTTP Headers

GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 02 Oct 2022 16:59:55 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664729995.dop213.sk1.t,1664729995.cds227.sk1.hn,1664729995.cds214.sk1.c
X-Firefox-Spdy: h2

slotbusterscasino.com/ca/aweber/lp1/style.css

104.21.6.14

200 OK

7.0 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/style.css
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
CSV text\012- , ASCII text, with CRLF line terminators
Size
7.0 kB (6972 bytes)
Hash
ff862bbe0360547373b7e8248687cced
5155e65bb77155d161e652e8ef6ce32964405a14
2687d4a4f4980c569e528017b3dc23a303aaeb296700cc05b7321a0bfe05ec66

HTTP Headers

GET /ca/aweber/lp1/style.css HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: text/css
Content-Length: 6972
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "9ab2-5c83ff9a1017b-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zI8n1F0%2Buji3qHnPa8NQClmNCacLJZne32N6sYQmTyet38%2Bnvk5j8mYDZimUYq0dcpgh2ITTbID%2B7a9GFkJkAWvY10c7lrjBzWL7rcnHgf2WWanf3lH99pbCzApW6ypCQBm5hSDPmhE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc79adfb4eb-OSL
alt-svc: h2=":443"; ma=60

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
3f221772ec0c9958b2c88cae5babcd0b
dc78dc227b42d1d4967d64c81374693440bf3f4f
037c8d5c260b070d810b31fd5d9db67c9aa44f3e103ec170cbd7234210555ba1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:25:21 GMT
Expires: Thu, 06 Oct 2022 18:25:20 GMT
Etag: "dc78dc227b42d1d4967d64c81374693440bf3f4f"
Cache-Control: max-age=350124,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc81f8ab505-OSL

slotbusterscasino.com/ca/aweber/lp1/main_script.js

104.21.6.14

200 OK

311 B

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/main_script.js
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
311 B (311 bytes)
Hash
1d7c74d5c34b4eb5ebfc8074cf35dc74
4be502b35ed9eb4b6e99cb203e207d8e4c0445c4
acea34dfebc08b7e37dcf8448b95d8a5495313c45bb04f5f5b4945939a076314

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ca/aweber/lp1/main_script.js HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/javascript
Content-Length: 311
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "3d7-5c83ff9a8835c-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDTgTkCFa0Ef0SYl%2FOGjg2fWCRcpEPQ6dL4cWW9RPz5s61d8hiriSpdc7krIFUUaEUStI0H9lsC%2FjF8Ek4u6osM0OngeBztOwZFVAWgQgOlXASwoWzhO0JrIX3fCACuKyYxxzHFJsXM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc7a81bb527-OSL
alt-svc: h2=":443"; ma=60

my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
1d1522de413d0b27a43e7be4efeb0405
58c52eec6da93a26b374308e6189b8af139624f7
d9b7a5a22d87f08fbcb41ab49b3494cf35afa659a2b143800bfab1c62b07b193

HTTP Headers

GET /p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

propeller-tracking.com/fv.js?t=90679

139.45.197.240

200 OK

42 kB

URL HTTP/2
propeller-tracking.com/fv.js?t=90679
IP
139.45.197.240:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42210 bytes)
Hash
10b179fe1e50f8a0d9f5cac44a1641c9
1cc7617fba67b62229e670ba62440ca83005db35
8fd2ea2c88af26205ee3920b824a3500f4e4f3fd19de638e1180c3e60555ad0b

HTTP Headers

GET /fv.js?t=90679 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0a1c75dab39046322b65751914851914
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
94f9b42cc2b8053a78ece596fb76cd74
266ab6674dc4958b814c312b3ef154a904c37ec7
a02d6fef62ba6464204a25042119224783f8c6eb056be210f432f974cfe95917

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A02D6FEF62BA6464204A25042119224783F8C6EB056BE210F432F974CFE95917"
Last-Modified: Fri, 30 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8593
Expires: Sun, 02 Oct 2022 19:23:08 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive

propeller-tracking.com/fv.js?t=90679

139.45.197.240

200 OK

29 kB

URL HTTP/2
propeller-tracking.com/fv.js?t=90679
IP
139.45.197.240:0
ASN
#9002 RETN Limited

File type
data
Size
29 kB (28927 bytes)
Hash
0d11a272a9a7d3a83fbab33c7de85352
ba5250d316e1a5adb57bb276210fe6df39289c18
63c91729645d88c09a9356fb7eb888c951c6f25eac98ecc76ff3a222cec7335a

HTTP Headers

GET /fv.js?t=90679 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 376f2152eb7a08cceae5331f5c8ee902
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

slotbusterscasino.com/ca/aweber/lp1/cashhc.png

104.21.6.14

200 OK

32 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/cashhc.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 363 x 284, 8-bit/color RGBA, non-interlaced\012- data
Size
32 kB (31615 bytes)
Hash
6c52de939909399530fe68c55d5d6c92
4c7b5a3461347694c6f8076c6a3192896909426b
ef9623401696a4c11151defd6e88c23175f831447eab99b2b49ef9501884e0a6

HTTP Headers

GET /ca/aweber/lp1/cashhc.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 31615
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "7b7f-5c83ff9abdebc"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39hia5S3bOweLrNW7b4sB4N9XaTm2%2BYvzsbtRSDZ34Le%2FUA57nPqvKJ1AkWHeYnsz5gnbdFYS5jNvvw4MaU85h%2FeCPvchNMSqV9iEbpMa6cS4YYOv%2Bu8J5GBlPsEXXg6dpp0btJsyNU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85c1eb4eb-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ca01e_v.png

104.21.6.14

200 OK

13 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ca01e_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 268 x 126, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13376 bytes)
Hash
4e9495005c85cc7cfbda4466110e48a8
3f6879faa94d4c3a767d4350a3cac329e433854e
ea2f092d35c2e705e0018963035cd06b13c9dc20dd892c0c011ee0473a05cd1a

HTTP Headers

GET /ca/aweber/lp1/5e67f0a6ca01e_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 13376
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "3440-5c83ff98693da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72ZjxpZe83URg9PRNr6JMHaLcJqUzhk9VKSQ3NTUcOXh2bdhrjxPRNrgPatYARlS970K5UYQh6uRd6i6x1qstsY50NIB3sYLZspduxF%2Fq0U6DhrLO2QA%2BcZzZoeDOgzE56hBLRvyh1I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85bacb4f4-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/5e67f0a828b4f_v.png

104.21.6.14

200 OK

46 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a828b4f_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 277 x 558, 8-bit colormap, non-interlaced\012- data
Size
46 kB (46237 bytes)
Hash
cf230c7057040526271ef730a4f2c538
0cd0c1e88e60ad9ce4a70df1ba80c3c8879cda01
5d2d98590f2a25919b105a484458d20e03298c4369d5f1be42b03e76799fb61c

HTTP Headers

GET /ca/aweber/lp1/5e67f0a828b4f_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 46237
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "b49d-5c83ff9997f9b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SuFWy5HR6U8O25o35pfJrsmQkt6UOjiiHpqtMtoDICxxngukq4%2BDQEk0dq2PHEaW00jl7R3K1UDQIOAlUK9i%2BJi49W2F%2Bp0dYHYgZJKUF%2Bf4rvnGrCi4fVL2FH0BjmUyc6lPhYqj2IM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85b571c16-OSL
alt-svc: h2=":443"; ma=60

unphionetor.com/vctx?t=90679

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=90679
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=90679 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 3afdfc4e3e18c187a6f0bd774d91363a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

slotbusterscasino.com/ca/aweber/lp1/5e67f0a6b4533_v.jpg

104.21.6.14

200 OK

53 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6b4533_v.jpg
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Size
53 kB (53443 bytes)
Hash
88d7f03fd819c7aefcdb1074bb7990fa
882217405770ad036505e193943f34947fbafa48
c3a48888af05fd6567be6d09d13fa63fad286297bf9cd027718c7a7e355ad9ae

HTTP Headers

GET /ca/aweber/lp1/5e67f0a6b4533_v.jpg HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/jpeg
Content-Length: 53443
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "d0c3-5c83ff992f7bb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRqp94%2BIIqcQ8NeLDdeccM3YuQstRp4XTMDH73Y%2BAZUpXxmJT5yWUm8fSyI2C4YDqVSDGMRkiZygYbabEYXzn4gWqhBK%2ByYuJsEQu3ViejUK%2FkHWTuoLEPeCw%2BzLzpkOMIqe4T%2B2cBo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc8794bb527-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.165.201.80

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.165.201.80:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 16:32:56 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 16:54:57 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5059e7bd12388ef6673ed156d17eb756.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ec6-C1-0G6y-Q-w9qhhl0sCfAGsnVWfJmgM9TTX2S49MXTlueQ3inA==
Age: 1622

slotbusterscasino.com/ca/aweber/lp1/5e67f0a655940_v.png

104.21.6.14

200 OK

77 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a655940_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 857 x 204, 8-bit/color RGBA, non-interlaced\012- data
Size
77 kB (76995 bytes)
Hash
22d35d6ee41512539e529961fd51f26b
fc8a8a521b4bbbb50871f7439effa916fa1e5a2b
ea18bede2d858dc8467bdc98c7fc9d751d1e1309476a5d5c81f0db96b66c505d

HTTP Headers

GET /ca/aweber/lp1/5e67f0a655940_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 76995
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "12cc3-5c83ff99633db"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAiO8ZTTwNkI7xWE52Ai0tHJjmcjX4jacVaoz5fvGfeUKGKUyDSGatWTvKgkC005gxgOvL0MgPyRjlsXjQz%2BV50IghwIo2hPmfmy%2BOVsiFUa3DVSpcZjSZqHDWZoarOafy2iZXTq0nM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc91f38b51e-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/5e67f0a83ba89_v.png

104.21.6.14

200 OK

7.4 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a83ba89_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 426 x 137, 8-bit colormap, non-interlaced\012- data
Size
7.4 kB (7401 bytes)
Hash
9e245319753e82681922d644b1983d8e
6ddbf0b42027c06e4bcee68a9bb1019fcaf943aa
2c9bcdd3153da3c92abc1b4403b50e4f911dd27f401aff620a717ad1a0d78667

HTTP Headers

GET /ca/aweber/lp1/5e67f0a83ba89_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 7401
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "1ce9-5c83ff9a3ef7b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeW4yUBwjBjHphMOg4%2FjKjdQPts1hLVKH9AV3acvFisJ6xZTfFngXd70emQK3p8WFf6HiVFU5vsYTzaPBonStSa0GuVQ9jMjzt4owH4R91axf3d7p%2Ftwbi50RJUrxKtXWxe2QazoNfU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92cc4b4f4-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ef344_v.png

104.21.6.14

200 OK

6.5 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ef344_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 185 x 183, 8-bit colormap, non-interlaced\012- data
Size
6.5 kB (6484 bytes)
Hash
7816622da7fe6bb9b083251c85101dd1
eaa0af79fe084abb6b208d7694b04cf3784e80d0
1da0f0bfc01d6e5ed9d6dfb1ea07c9afb9100cf1a2be7879672059a7dd35c437

HTTP Headers

GET /ca/aweber/lp1/5e67f0a6ef344_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 6484
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "1954-5c83ff98981da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2mcJ3%2FWJvVYmCcKaPtS4fTBIqANql1EpOb%2BVuNZmBHFfesa%2FDgZ98TTbKaxCm7TIqL5y6p8Z2xBx5LJcho%2FKSEcyoZY42bHqQOzcunD7%2B00K9PmMZiIoxZ5Fs7uodx625Fnmz0rd94%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92d3eb4eb-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 16:59:55 GMT
Last-Modified: Sun, 02 Oct 2022 16:12:43 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

slotbusterscasino.com/ca/aweber/lp1/5e67f0a4b11b9_v.png

104.21.6.14

200 OK

757 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/5e67f0a4b11b9_v.png
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 872 x 872, 8-bit/color RGBA, non-interlaced\012- data
Size
757 kB (756748 bytes)
Hash
3ef027366bb237fd9eb040ccad94198c
3e588f5915a38786a29e2e1b10cbf9df4e09004c
4836e6c4891318fd9b274ec2076d04d0f0df3460b9d7d051894c55fd5334c2e7

HTTP Headers

GET /ca/aweber/lp1/5e67f0a4b11b9_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 756748
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "b8c0c-5c83ff980e6ba"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBIWPtKnYi5xZCJxhEVWD%2BTTg1ktrLT%2F6GPkddI%2BAzVSPwMaYt86gYMFI1BKpn3Ku6dubkwU%2BRdzLlVPWxVSPDiTf05fGzMc5zXz5Q%2F2IZ1Y5byytcbwTtE7DkCGvP3dv8tLkC78uUM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc858f40afa-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/coin.mp3

104.21.6.14

206 Partial Content

22 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/coin.mp3
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Size
22 kB (22067 bytes)
Hash
c74dca6a3ab16c097234033fec7a8573
a6e73f993b73d589b9688a0679bdac39028017a0
79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ca/aweber/lp1/coin.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTReLfKcWLZjk4XWL8EdNOVZ2NkPgZ1yRgi6OeaXTQmQRdJ2O%2BJt7%2F7ci2nXDOByCbKRIwg%2FzDOpx9ELM%2BWX57RlfTPVa5bmKeQXrdurdffQJfrdetQhxRTmpSfbLj22QOAHZZnqgD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc99caa1c16-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/sound.mp3

104.21.6.14

206 Partial Content

49 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/sound.mp3
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
49 kB (48945 bytes)
Hash
277c43fdefb88a30fe36f33a148600f0
2bc68cf98b4b4902bc509c2b53af4baa7efe44d9
9eaa1694cf0be56df45f5424b8b314d45ed55e9ac372e5f0b05bf586e5d4552c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ca/aweber/lp1/sound.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: audio/mpeg
Content-Length: 48945
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "bf31-5c83ff99cbbbb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Content-Range: bytes 0-48944/48945
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycwjgxdICRBiG%2FUq6WnUNhWcrs4XVvOjz8Ev1vcjuVSr3k8KTT3tSCrXB2kieBeHcKHmheYRFJUb1D0oA7bwAT72y7t568CTerUUGDhROQNU2L6ENn1xlbxULHoZ8XStUSAK31lUkJA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9ab5cb527-OSL
alt-svc: h2=":443"; ma=60

slotbusterscasino.com/ca/aweber/lp1/coin.mp3

104.21.6.14

206 Partial Content

22 kB

URL HTTP/1.1
slotbusterscasino.com/ca/aweber/lp1/coin.mp3
IP
104.21.6.14:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Size
22 kB (22067 bytes)
Hash
c74dca6a3ab16c097234033fec7a8573
a6e73f993b73d589b9688a0679bdac39028017a0
79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ca/aweber/lp1/coin.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:56 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soOWX0FsyWHsVN6By1dbxjWprYswZDhDQNxH7SwnMkFfOuqjQn%2BBDU21XpHHKacTHbUlQEZGH70LcyROmpIL6lmm%2BE0yxBfA8QmW7HXeAtBAwjbNOmtkMF1%2By03ANLAEiEhAWYM5lUY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9d85bb51e-OSL
alt-svc: h2=":443"; ma=60

unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=90679&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9aff2080fd9d5dc168317c8bbbad082b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.35.167.249

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.167.249:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iOSGIqjZz+pS0jP/erXuBA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oW6HE4dd7DSrMhqdbE8080vAXW8=

my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5501dd5f3e5a4f3783efda6a170aaf7b; expires=Mon, 02 Oct 2023 16:59:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4987 bytes)
Hash
463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:45 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 68712
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8602 bytes)
Hash
94d82ad8d70761f6ee1384b4183335f3
5d3389a965cfa45dab2202d89b40264368674e8a
ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:38 GMT
age: 68779
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6315 bytes)
Hash
206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 44298
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9340 bytes)
Hash
6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 69154
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6871 bytes)
Hash
9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
age: 68782
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11083 bytes)
Hash
edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 68782
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=2465

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=2465
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbri?t=90679&bid=undefined&aid=undefined&tp=2465 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:57 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a8124286f5550d634a95ddced22cd4cd
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9012 bytes)
Hash
b11c8ecfed53e302ab48fa5f757513a4
b3cb36455b3cb0a160c705958add6c422a0a48a2
fb66239038dddd134d3c5c7a656c91c57737bc784fabefe15a5ef2981e68e2b0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 4ea2bfb1-fc99-4777-aa98-0605d4a704ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpmEBlIAMFj2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-039358f5691f895941f485fd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -zAvZvugUNsIscx7YT34xPY-AiaxduJGMkM23GqxSvfl0EmqWOmysA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:52:38 GMT
age: 68846
etag: "b3cb36455b3cb0a160c705958add6c422a0a48a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e2ae91ea2cd0d60af8ebfd6efabba090
1b90514a34c661bdaf60a42795f9baf735c62601
988e40422d6903cb69af1b0d475f4f8383660c21b85e1a87ec5d6814a67ec327

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "988E40422D6903CB69AF1B0D475F4F8383660C21B85E1A87EC5D6814A67EC327"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6550
Expires: Sun, 02 Oct 2022 18:49:14 GMT
Date: Sun, 02 Oct 2022 17:00:04 GMT
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations