firefox.settings.services.mozilla.com/v1/
18.165.201.80 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.80:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 16:03:11 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0f9abff0779787e38b3d83ae17ff6224.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ghD3C91GkN7ITVqNCul_V6hVTLWkVOFBMp0JtFs9MEI7xhjbf5ce0Q==
Age: 3403
slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
104.21.6.14 200 OK 2.7 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
IP 104.21.6.14:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 7ab42dc14a23ebdb033db47e49266f31
292b98dcaa3d8e358aa28d66d88997b5cd7f511d
79ef5d5a5d891ab809aa9f44878c9ceee47b8b8cd7953210dd61693c67ddd8ee
GET /ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 17:04:12 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6b7LVzwD6h0HLSUasy3f8Hgkn4qG%2BUp6%2BnMPGx1uVjWVQI3Cb8vhQFm3kT%2Fd485S2vvaKlSZFOPAs55MwYXD7VYDPzWrpEf%2FZsCvInJUN5HRqla%2F%2FLUC7WsE%2BKr%2BcHXUBG8%2B5OC868%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc3dccfb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sun, 02 Oct 2022 18:07:01 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.39 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.39:0
File type PEM certificate, ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 59970c86d3717db509a968eaad0da4de.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: G563eneqzxCbYFb_OTXF0wPTxHv12ykxH5wgi3fF89ZwEnUvQlJEBQ==
age: 48399
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 2f2d0eeb9fd56864efa2934c3a805932
e7160d8ac9cb818ae5eb7c86b177e450055dab0e
29a31d01596e3e290b64ddcc30473ebdf880d9b2291cfe054264b3556445b0e7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 20:32:15 GMT
Expires: Sat, 08 Oct 2022 20:32:14 GMT
Etag: "e7160d8ac9cb818ae5eb7c86b177e450055dab0e"
Cache-Control: max-age=530538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc67ce9b505-OSL
code.jquery.com/jquery-2.2.4.min.js
69.16.175.42 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.2.4.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32065)
Hash 82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 16:59:55 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664729995.dop213.sk1.t,1664729995.cds227.sk1.hn,1664729995.cds214.sk1.c
X-Firefox-Spdy: h2
slotbusterscasino.com/ca/aweber/lp1/style.css
104.21.6.14 200 OK 7.0 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/style.css
IP 104.21.6.14:0
File type CSV text, ASCII text, with CRLF line terminators
Hash ff862bbe0360547373b7e8248687cced
5155e65bb77155d161e652e8ef6ce32964405a14
2687d4a4f4980c569e528017b3dc23a303aaeb296700cc05b7321a0bfe05ec66
GET /ca/aweber/lp1/style.css HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: text/css
Content-Length: 6972
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "9ab2-5c83ff9a1017b-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zI8n1F0%2Buji3qHnPa8NQClmNCacLJZne32N6sYQmTyet38%2Bnvk5j8mYDZimUYq0dcpgh2ITTbID%2B7a9GFkJkAWvY10c7lrjBzWL7rcnHgf2WWanf3lH99pbCzApW6ypCQBm5hSDPmhE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc79adfb4eb-OSL
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 3f221772ec0c9958b2c88cae5babcd0b
dc78dc227b42d1d4967d64c81374693440bf3f4f
037c8d5c260b070d810b31fd5d9db67c9aa44f3e103ec170cbd7234210555ba1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:25:21 GMT
Expires: Thu, 06 Oct 2022 18:25:20 GMT
Etag: "dc78dc227b42d1d4967d64c81374693440bf3f4f"
Cache-Control: max-age=350124,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc81f8ab505-OSL
slotbusterscasino.com/ca/aweber/lp1/main_script.js
104.21.6.14 200 OK 311 B URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/main_script.js
IP 104.21.6.14:0
File type ASCII text, with CRLF line terminators
Hash 1d7c74d5c34b4eb5ebfc8074cf35dc74
4be502b35ed9eb4b6e99cb203e207d8e4c0445c4
acea34dfebc08b7e37dcf8448b95d8a5495313c45bb04f5f5b4945939a076314
Analyzer Verdict Alert fortinet Phishing
GET /ca/aweber/lp1/main_script.js HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: application/javascript
Content-Length: 311
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "3d7-5c83ff9a8835c-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDTgTkCFa0Ef0SYl%2FOGjg2fWCRcpEPQ6dL4cWW9RPz5s61d8hiriSpdc7krIFUUaEUStI0H9lsC%2FjF8Ek4u6osM0OngeBztOwZFVAWgQgOlXASwoWzhO0JrIX3fCACuKyYxxzHFJsXM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc7a81bb527-OSL
alt-svc: h2=":443"; ma=60
my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847
IP 139.45.195.8:0
Hash 1d1522de413d0b27a43e7be4efeb0405
58c52eec6da93a26b374308e6189b8af139624f7
d9b7a5a22d87f08fbcb41ab49b3494cf35afa659a2b143800bfab1c62b07b193
GET /p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=90679
139.45.197.240 200 OK 42 kB URL HTTP/2 propeller-tracking.com/fv.js?t=90679
IP 139.45.197.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 10b179fe1e50f8a0d9f5cac44a1641c9
1cc7617fba67b62229e670ba62440ca83005db35
8fd2ea2c88af26205ee3920b824a3500f4e4f3fd19de638e1180c3e60555ad0b
GET /fv.js?t=90679 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0a1c75dab39046322b65751914851914
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94f9b42cc2b8053a78ece596fb76cd74
266ab6674dc4958b814c312b3ef154a904c37ec7
a02d6fef62ba6464204a25042119224783f8c6eb056be210f432f974cfe95917
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A02D6FEF62BA6464204A25042119224783F8C6EB056BE210F432F974CFE95917"
Last-Modified: Fri, 30 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8593
Expires: Sun, 02 Oct 2022 19:23:08 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive
propeller-tracking.com/fv.js?t=90679
139.45.197.240 200 OK 29 kB URL HTTP/2 propeller-tracking.com/fv.js?t=90679
IP 139.45.197.240:0
Hash 0d11a272a9a7d3a83fbab33c7de85352
ba5250d316e1a5adb57bb276210fe6df39289c18
63c91729645d88c09a9356fb7eb888c951c6f25eac98ecc76ff3a222cec7335a
GET /fv.js?t=90679 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 376f2152eb7a08cceae5331f5c8ee902
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
slotbusterscasino.com/ca/aweber/lp1/cashhc.png
104.21.6.14 200 OK 32 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/cashhc.png
IP 104.21.6.14:0
File type PNG image data, 363 x 284, 8-bit/color RGBA, non-interlaced, data
Hash 6c52de939909399530fe68c55d5d6c92
4c7b5a3461347694c6f8076c6a3192896909426b
ef9623401696a4c11151defd6e88c23175f831447eab99b2b49ef9501884e0a6
GET /ca/aweber/lp1/cashhc.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 31615
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "7b7f-5c83ff9abdebc"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39hia5S3bOweLrNW7b4sB4N9XaTm2%2BYvzsbtRSDZ34Le%2FUA57nPqvKJ1AkWHeYnsz5gnbdFYS5jNvvw4MaU85h%2FeCPvchNMSqV9iEbpMa6cS4YYOv%2Bu8J5GBlPsEXXg6dpp0btJsyNU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85c1eb4eb-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ca01e_v.png
104.21.6.14 200 OK 13 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ca01e_v.png
IP 104.21.6.14:0
File type PNG image data, 268 x 126, 8-bit/color RGBA, non-interlaced, data
Hash 4e9495005c85cc7cfbda4466110e48a8
3f6879faa94d4c3a767d4350a3cac329e433854e
ea2f092d35c2e705e0018963035cd06b13c9dc20dd892c0c011ee0473a05cd1a
GET /ca/aweber/lp1/5e67f0a6ca01e_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 13376
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "3440-5c83ff98693da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72ZjxpZe83URg9PRNr6JMHaLcJqUzhk9VKSQ3NTUcOXh2bdhrjxPRNrgPatYARlS970K5UYQh6uRd6i6x1qstsY50NIB3sYLZspduxF%2Fq0U6DhrLO2QA%2BcZzZoeDOgzE56hBLRvyh1I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85bacb4f4-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/5e67f0a828b4f_v.png
104.21.6.14 200 OK 46 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a828b4f_v.png
IP 104.21.6.14:0
File type PNG image data, 277 x 558, 8-bit colormap, non-interlaced, data
Hash cf230c7057040526271ef730a4f2c538
0cd0c1e88e60ad9ce4a70df1ba80c3c8879cda01
5d2d98590f2a25919b105a484458d20e03298c4369d5f1be42b03e76799fb61c
GET /ca/aweber/lp1/5e67f0a828b4f_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 46237
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "b49d-5c83ff9997f9b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SuFWy5HR6U8O25o35pfJrsmQkt6UOjiiHpqtMtoDICxxngukq4%2BDQEk0dq2PHEaW00jl7R3K1UDQIOAlUK9i%2BJi49W2F%2Bp0dYHYgZJKUF%2Bf4rvnGrCi4fVL2FH0BjmUyc6lPhYqj2IM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85b571c16-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/vctx?t=90679
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=90679
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=90679 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 3afdfc4e3e18c187a6f0bd774d91363a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6b4533_v.jpg
104.21.6.14 200 OK 53 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a6b4533_v.jpg
IP 104.21.6.14:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3, data
Hash 88d7f03fd819c7aefcdb1074bb7990fa
882217405770ad036505e193943f34947fbafa48
c3a48888af05fd6567be6d09d13fa63fad286297bf9cd027718c7a7e355ad9ae
GET /ca/aweber/lp1/5e67f0a6b4533_v.jpg HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/jpeg
Content-Length: 53443
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "d0c3-5c83ff992f7bb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRqp94%2BIIqcQ8NeLDdeccM3YuQstRp4XTMDH73Y%2BAZUpXxmJT5yWUm8fSyI2C4YDqVSDGMRkiZygYbabEYXzn4gWqhBK%2ByYuJsEQu3ViejUK%2FkHWTuoLEPeCw%2BzLzpkOMIqe4T%2B2cBo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc8794bb527-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.80 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.80:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 16:32:56 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 16:54:57 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5059e7bd12388ef6673ed156d17eb756.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ec6-C1-0G6y-Q-w9qhhl0sCfAGsnVWfJmgM9TTX2S49MXTlueQ3inA==
Age: 1622
slotbusterscasino.com/ca/aweber/lp1/5e67f0a655940_v.png
104.21.6.14 200 OK 77 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a655940_v.png
IP 104.21.6.14:0
File type PNG image data, 857 x 204, 8-bit/color RGBA, non-interlaced, data
Hash 22d35d6ee41512539e529961fd51f26b
fc8a8a521b4bbbb50871f7439effa916fa1e5a2b
ea18bede2d858dc8467bdc98c7fc9d751d1e1309476a5d5c81f0db96b66c505d
GET /ca/aweber/lp1/5e67f0a655940_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 76995
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "12cc3-5c83ff99633db"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAiO8ZTTwNkI7xWE52Ai0tHJjmcjX4jacVaoz5fvGfeUKGKUyDSGatWTvKgkC005gxgOvL0MgPyRjlsXjQz%2BV50IghwIo2hPmfmy%2BOVsiFUa3DVSpcZjSZqHDWZoarOafy2iZXTq0nM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc91f38b51e-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/5e67f0a83ba89_v.png
104.21.6.14 200 OK 7.4 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a83ba89_v.png
IP 104.21.6.14:0
File type PNG image data, 426 x 137, 8-bit colormap, non-interlaced\012- data
Hash 9e245319753e82681922d644b1983d8e
6ddbf0b42027c06e4bcee68a9bb1019fcaf943aa
2c9bcdd3153da3c92abc1b4403b50e4f911dd27f401aff620a717ad1a0d78667
GET /ca/aweber/lp1/5e67f0a83ba89_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 7401
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "1ce9-5c83ff9a3ef7b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeW4yUBwjBjHphMOg4%2FjKjdQPts1hLVKH9AV3acvFisJ6xZTfFngXd70emQK3p8WFf6HiVFU5vsYTzaPBonStSa0GuVQ9jMjzt4owH4R91axf3d7p%2Ftwbi50RJUrxKtXWxe2QazoNfU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92cc4b4f4-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ef344_v.png
104.21.6.14 200 OK 6.5 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a6ef344_v.png
IP 104.21.6.14:0
File type PNG image data, 185 x 183, 8-bit colormap, non-interlaced\012- data
Hash 7816622da7fe6bb9b083251c85101dd1
eaa0af79fe084abb6b208d7694b04cf3784e80d0
1da0f0bfc01d6e5ed9d6dfb1ea07c9afb9100cf1a2be7879672059a7dd35c437
GET /ca/aweber/lp1/5e67f0a6ef344_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 6484
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "1954-5c83ff98981da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2mcJ3%2FWJvVYmCcKaPtS4fTBIqANql1EpOb%2BVuNZmBHFfesa%2FDgZ98TTbKaxCm7TIqL5y6p8Z2xBx5LJcho%2FKSEcyoZY42bHqQOzcunD7%2B00K9PmMZiIoxZ5Fs7uodx625Fnmz0rd94%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92d3eb4eb-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 16:59:55 GMT
Last-Modified: Sun, 02 Oct 2022 16:12:43 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
slotbusterscasino.com/ca/aweber/lp1/5e67f0a4b11b9_v.png
104.21.6.14 200 OK 757 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/5e67f0a4b11b9_v.png
IP 104.21.6.14:0
File type PNG image data, 872 x 872, 8-bit/color RGBA, non-interlaced\012- data
Size 757 kB (756748 bytes)
Hash 3ef027366bb237fd9eb040ccad94198c
3e588f5915a38786a29e2e1b10cbf9df4e09004c
4836e6c4891318fd9b274ec2076d04d0f0df3460b9d7d051894c55fd5334c2e7
GET /ca/aweber/lp1/5e67f0a4b11b9_v.png HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: image/png
Content-Length: 756748
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "b8c0c-5c83ff980e6ba"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBIWPtKnYi5xZCJxhEVWD%2BTTg1ktrLT%2F6GPkddI%2BAzVSPwMaYt86gYMFI1BKpn3Ku6dubkwU%2BRdzLlVPWxVSPDiTf05fGzMc5zXz5Q%2F2IZ1Y5byytcbwTtE7DkCGvP3dv8tLkC78uUM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc858f40afa-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/coin.mp3
104.21.6.14 206 Partial Content 22 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/coin.mp3
IP 104.21.6.14:0
File type Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Hash c74dca6a3ab16c097234033fec7a8573
a6e73f993b73d589b9688a0679bdac39028017a0
79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56
Analyzer Verdict Alert fortinet Phishing
GET /ca/aweber/lp1/coin.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTReLfKcWLZjk4XWL8EdNOVZ2NkPgZ1yRgi6OeaXTQmQRdJ2O%2BJt7%2F7ci2nXDOByCbKRIwg%2FzDOpx9ELM%2BWX57RlfTPVa5bmKeQXrdurdffQJfrdetQhxRTmpSfbLj22QOAHZZnqgD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc99caa1c16-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/sound.mp3
104.21.6.14 206 Partial Content 49 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/sound.mp3
IP 104.21.6.14:0
File type Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 277c43fdefb88a30fe36f33a148600f0
2bc68cf98b4b4902bc509c2b53af4baa7efe44d9
9eaa1694cf0be56df45f5424b8b314d45ed55e9ac372e5f0b05bf586e5d4552c
Analyzer Verdict Alert fortinet Phishing
GET /ca/aweber/lp1/sound.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Type: audio/mpeg
Content-Length: 48945
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "bf31-5c83ff99cbbbb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Content-Range: bytes 0-48944/48945
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycwjgxdICRBiG%2FUq6WnUNhWcrs4XVvOjz8Ev1vcjuVSr3k8KTT3tSCrXB2kieBeHcKHmheYRFJUb1D0oA7bwAT72y7t568CTerUUGDhROQNU2L6ENn1xlbxULHoZ8XStUSAK31lUkJA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9ab5cb527-OSL
alt-svc: h2=":443"; ma=60
slotbusterscasino.com/ca/aweber/lp1/coin.mp3
104.21.6.14 206 Partial Content 22 kB URL HTTP/1.1 slotbusterscasino.com/ca/aweber/lp1/coin.mp3
IP 104.21.6.14:0
File type Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Hash c74dca6a3ab16c097234033fec7a8573
a6e73f993b73d589b9688a0679bdac39028017a0
79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56
Analyzer Verdict Alert fortinet Phishing
GET /ca/aweber/lp1/coin.mp3 HTTP/1.1
Host: slotbusterscasino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Sun, 02 Oct 2022 16:59:56 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soOWX0FsyWHsVN6By1dbxjWprYswZDhDQNxH7SwnMkFfOuqjQn%2BBDU21XpHHKacTHbUlQEZGH70LcyROmpIL6lmm%2BE0yxBfA8QmW7HXeAtBAwjbNOmtkMF1%2By03ANLAEiEhAWYM5lUY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9d85bb51e-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=90679&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9aff2080fd9d5dc168317c8bbbad082b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.35.167.249 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.167.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iOSGIqjZz+pS0jP/erXuBA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oW6HE4dd7DSrMhqdbE8080vAXW8=
my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5501dd5f3e5a4f3783efda6a170aaf7b; expires=Mon, 02 Oct 2023 16:59:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:45 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 68712
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94d82ad8d70761f6ee1384b4183335f3
5d3389a965cfa45dab2202d89b40264368674e8a
ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:38 GMT
age: 68779
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 44298
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 69154
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
age: 68782
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 68782
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=2465
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=2465
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=90679&bid=undefined&aid=undefined&tp=2465 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:57 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a8124286f5550d634a95ddced22cd4cd
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11c8ecfed53e302ab48fa5f757513a4
b3cb36455b3cb0a160c705958add6c422a0a48a2
fb66239038dddd134d3c5c7a656c91c57737bc784fabefe15a5ef2981e68e2b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 4ea2bfb1-fc99-4777-aa98-0605d4a704ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpmEBlIAMFj2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-039358f5691f895941f485fd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -zAvZvugUNsIscx7YT34xPY-AiaxduJGMkM23GqxSvfl0EmqWOmysA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:52:38 GMT
age: 68846
etag: "b3cb36455b3cb0a160c705958add6c422a0a48a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e2ae91ea2cd0d60af8ebfd6efabba090
1b90514a34c661bdaf60a42795f9baf735c62601
988e40422d6903cb69af1b0d475f4f8383660c21b85e1a87ec5d6814a67ec327
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "988E40422D6903CB69AF1B0D475F4F8383660C21B85E1A87EC5D6814A67EC327"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6550
Expires: Sun, 02 Oct 2022 18:49:14 GMT
Date: Sun, 02 Oct 2022 17:00:04 GMT
Connection: keep-alive