r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e997bec759570aa0db03e31bf013cc2
948fd8263ab0b40f75eaf9495f76a7f39f39d5f9
853f97990fe10ccb34066b1e73e93dac45794f42fb745b266b6a46b9e26d52e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "853F97990FE10CCB34066B1E73E93DAC45794F42FB745B266B6A46B9E26D52E9"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8466
Expires: Fri, 28 Oct 2022 00:47:12 GMT
Date: Thu, 27 Oct 2022 22:26:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2736
Cache-Control: max-age=129039
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 22:26:06 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 10:16:45 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2682
Expires: Thu, 27 Oct 2022 23:10:48 GMT
Date: Thu, 27 Oct 2022 22:26:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PiwmkdJfF7mbEl5/Np2i961B/kKJiMsq/UbDXUZLUnOKSEWFgA37WGwFjMs1uq3GNGdmqJ/fsX0=
x-amz-request-id: QQ336QVP5TPTYASZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 27 Oct 2022 22:10:01 GMT
age: 965
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 22:26:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ezcasinowinners.club/au/aweber/lp1/index.html
104.21.21.40 200 OK 2.6 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/index.html
IP 104.21.21.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash cbf5da02f477fe5ce8419f640b56b243
c1d7e1cb8b822b23d1daccf87c5a549808850c13
b3fe8b2f5b1e002f637c634edd2219caa8bf151247da12f6e3a0544f298c378d
Analyzer Verdict Alert fortinet Phishing
GET /au/aweber/lp1/index.html HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Mar 2022 22:16:14 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQ6ch6DOM49efc%2Fio58zXPTdtoOdWZ%2FfvfzZi3R7h1L04GgXJRyDVBqRai8nIXwUXaWVni%2BS7uke8atibbipFkhxYsyU64bwGJ%2Fdw4HsdFXyDrabhdhzfC%2B79j7bhRlq%2Bt09DzkwYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 760ed9f62c2eb4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/cdn-cgi/apps/head/tox_EUcqYNRAZsdBSKxmNCo3bYg.js
104.21.21.40 200 OK 1.3 kB URL HTTP/1.1 ezcasinowinners.club/cdn-cgi/apps/head/tox_EUcqYNRAZsdBSKxmNCo3bYg.js
IP 104.21.21.40:0
Hash fada1c1c8f5d5f132a8ef8c7d9b8acb8
b68c7f11472a60d44066c74148ac66342a376d88
62fe5b7673d0131f91bf20b3f27b1c1ad451e8c55138c53df979d3c6675773bb
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/apps/head/tox_EUcqYNRAZsdBSKxmNCo3bYg.js HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 1341
Connection: keep-alive
x-amz-id-2: bokmH7SeX9wzND3STqMAyM7Z8gTq9VQ6/7GI2OraXEPFlnhQBGTW8kaxzFiz4lpxmnguCGP3SBQ=
x-amz-request-id: SQWCXZC1GXGSACQ5
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Sun, 20 Sep 2020 20:04:31 GMT
x-amz-version-id: 2bL1VcGU_tj5tpwF05lbWzNgeL0LPYgo
ETag: "fada1c1c8f5d5f132a8ef8c7d9b8acb8"
CF-Cache-Status: HIT
Age: 404836
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FWfZxpi3OfSpNiRt6Io4u2lnFKJF8RP9uHaCYlUApSyHlMDKrmY6yZH0bhNwxXmrqUxX1B0caxNV%2BBzEc%2BzT6p16ZeyDubB5FKYj%2F%2FyEgKs5JgWFkx9FITqc%2FYZc4DkaWtbAxzw4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760ed9fa4fa6b4f3-OSL
alt-svc: h2=":443"; ma=60
code.jquery.com/jquery-2.2.4.min.js
69.16.175.42 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.2.4.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32065)
Hash 82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ezcasinowinners.club
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 27 Oct 2022 22:26:07 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1666909567.dop208.sk1.t,1666909567.cds257.sk1.hn,1666909567.cds214.sk1.c
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c3d9537656f03ec111d9cccc115430b6
60cfb94a982d3c6d47b72e15e870e3aff76be2f2
8bcf7052bb0d0ede5c3fdbb06dbdc18a48b3bbfd8da88ee47374d206bfa390d8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 26 Oct 2022 08:32:15 GMT
Expires: Wed, 02 Nov 2022 08:32:14 GMT
Etag: "60cfb94a982d3c6d47b72e15e870e3aff76be2f2"
Cache-Control: max-age=467766,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 760ed9fad85db4f7-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 5ff1aad001cfcea645d571fca9149a26
36e97e1587081faa5e45b3cf98aad5193880838e
0c2f549abfc62794fefbb8b674e2a0520948c835a42d0e826f9f62748b534f9d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 27 Oct 2022 18:25:23 GMT
Expires: Thu, 03 Nov 2022 18:25:22 GMT
Etag: "36e97e1587081faa5e45b3cf98aad5193880838e"
Cache-Control: max-age=589754,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 760ed9faf83f0b51-OSL
redrotou.net/pfe/current/micro.tag.min.js?z=4463447&sw=/sw-check-permissions-fa1f3.js
139.45.197.251 200 OK 26 kB URL HTTP/1.1 redrotou.net/pfe/current/micro.tag.min.js?z=4463447&sw=/sw-check-permissions-fa1f3.js
IP 139.45.197.251:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5915e62bd6dd3c566873fc60daef1e04
54aee4d378fd01598e077499a078e586c648a202
acaa4ad7aa6de7db5f46a50dc0f61046094f4a08c977ebd145eb1efef83e45c1
GET /pfe/current/micro.tag.min.js?z=4463447&sw=/sw-check-permissions-fa1f3.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 09:56:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6357b2e8-12763"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847
IP 139.45.195.8:0
Hash 1d1522de413d0b27a43e7be4efeb0405
58c52eec6da93a26b374308e6189b8af139624f7
d9b7a5a22d87f08fbcb41ab49b3494cf35afa659a2b143800bfab1c62b07b193
GET /p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 22:26:07 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fad25b7b0bd4388e46d13ff41ed90f7
a0756c48d7f3da64f54ef0e0e370f09b00dafa42
9316869939ce48a0d0c16d4a4ffaf37980126be1eaa306a16c247b13ffc386a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9316869939CE48A0D0C16D4A4FFAF37980126BE1EAA306A16C247B13FFC386A7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7122
Expires: Fri, 28 Oct 2022 00:24:49 GMT
Date: Thu, 27 Oct 2022 22:26:07 GMT
Connection: keep-alive
unphionetor.com/vctx?t=90679
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=90679
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=90679 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ezcasinowinners.club
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 22:26:07 GMT
access-control-allow-origin: http://ezcasinowinners.club
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c483b28a9e8630cf5788577a0be33374
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d72d2f5d05f03753594e43fd34398221
ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5
036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5684
Cache-Control: max-age=126926
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 22:26:07 GMT
Etag: "635a3c19-1d7"
Expires: Sat, 29 Oct 2022 09:41:33 GMT
Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ezcasinowinners.club/au/aweber/lp1/main_script.js
104.21.21.40 200 OK 311 B URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/main_script.js
IP 104.21.21.40:0
File type ASCII text, with CRLF line terminators
Hash 8b3a0e835d236512492fac630b37a757
eac11f60f5ae6cd79de64c3f5c427acb059fc8f7
34cdccb8f89775bdefb34b79520286c6207e4ee7a1de36d147b26eafc2d1aedc
Analyzer Verdict Alert fortinet Phishing
GET /au/aweber/lp1/main_script.js HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:31 GMT
ETag: W/"6102d063-3d7"
Expires: Sat, 26 Nov 2022 22:26:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hw9riuLZ5rMmaqG2L%2FElfgINTWE2u02DIyyzdaHeF6HQ4aySgNk8zKRhvKftQa8YuA2esksIjMModiYSqxjE7wQLovo%2BDD6gDVHMUX8giLH8wPJjgbmXVPZziS7NuyNo%2F5EyN%2BJTWg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760ed9fa5eb7b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
44.242.3.166 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kglphAIvOGk2/XDwr/ogZw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: b2Uzva2Mc4I+xdL347bvH3alqy8=
ezcasinowinners.club/au/aweber/lp1/style.css
104.21.21.40 200 OK 6.8 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/style.css
IP 104.21.21.40:0
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash 415be501a0dc27096481ed4334a27acd
e5e40ff2cd605ff3334456322655fbfa60d1eb3a
1d3b9dbb02b5f3d9d129acbc9272f6ea931e2cf2adcd02118a960ea1f14bfdff
GET /au/aweber/lp1/style.css HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:29 GMT
ETag: W/"6102d061-9ab2"
Expires: Sat, 26 Nov 2022 22:26:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kV2mQldsbifNRrp9dvjxUXHEZVrFui5oGww0jXCfAv7IxvmvXNKcpJrzialwv2NEqBN%2BY1hGqS2AGOtYgPCpJWuHw%2FF4DiFaT8Ymr0zounGfdBo57rQjy0IGyHfprwqsv5HkgckTzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760ed9fa4c8db503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fezcasinowinners.club%2Fau%2Faweber%2Flp1%2Findex.html
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fezcasinowinners.club%2Fau%2Faweber%2Flp1%2Findex.html
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fezcasinowinners.club%2Fau%2Faweber%2Flp1%2Findex.html HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 22:26:08 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=27af2170e3a14c26b13f4d17bb36cbcf; expires=Fri, 27 Oct 2023 22:26:08 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Fri, 28 Oct 2022 02:28:18 GMT
Date: Thu, 27 Oct 2022 22:26:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Fri, 28 Oct 2022 02:28:18 GMT
Date: Thu, 27 Oct 2022 22:26:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Fri, 28 Oct 2022 02:28:18 GMT
Date: Thu, 27 Oct 2022 22:26:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Fri, 28 Oct 2022 02:28:18 GMT
Date: Thu, 27 Oct 2022 22:26:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14530
Expires: Fri, 28 Oct 2022 02:28:18 GMT
Date: Thu, 27 Oct 2022 22:26:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c17e2f3-4edf-44ae-9b49-0a83b2498309.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c17e2f3-4edf-44ae-9b49-0a83b2498309.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ec53913f994b99340024aa1958102a2
8a2e935e59efbe8a6b4f4fad1ef0b87241731dec
7a17e72f6767e8d129ce43ec41aa535827fbc90b085898f5a764166c7600b48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c17e2f3-4edf-44ae-9b49-0a83b2498309.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10330
x-amzn-requestid: d1306110-4c96-44f6-86c9-542354fb5f26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arw3DHedoAMFegg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635afb60-236067d573debd7b248a3579;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:42:56 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FEgc1gYGoQvntxdOiUoXrDNK6irThtVu-E1iztiw5Zry4zyLE3V9eQ==
via: 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 22:02:13 GMT
age: 1435
etag: "8a2e935e59efbe8a6b4f4fad1ef0b87241731dec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa50e9cdb-811a-4b19-b8f3-5ef198d658d2.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa50e9cdb-811a-4b19-b8f3-5ef198d658d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 778c3efac4fe8fd34b7e0cf37242de39
4b689f83290db7c174ade2febf7b3430adc8dcc3
02c1c749e24b2533673106228ddff20333a79316d427e6880b5d8fb8ef781180
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa50e9cdb-811a-4b19-b8f3-5ef198d658d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15891
x-amzn-requestid: 2c52870d-49cb-4a1f-8a46-e9ee2d7d9090
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arv1-HxuoAMF3ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635af9bf-5f22733f5c48a6c56c93c874;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:35:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dNL18IfhrEwp09Mn_6iIcAL4h8ZIjUs0bcYz0kVlNB6LUEhnuQ3nwA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 21:41:18 GMT
age: 2690
etag: "4b689f83290db7c174ade2febf7b3430adc8dcc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250d1e28-eb33-40d6-b1f3-54b9dc6db605.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250d1e28-eb33-40d6-b1f3-54b9dc6db605.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94b630648bd97dc4a32c2c6f2e0c135b
bd207107f5c6b48295da4b51fc1d3b5f571702d5
f8f6427f4acadfcabc4bde77288790fe86a6561a3a716894a44fc206080454b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250d1e28-eb33-40d6-b1f3-54b9dc6db605.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5661
x-amzn-requestid: 472e1f28-9fd7-4958-833e-ad74f7e35f98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arwdAFGXIAMFp5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635afab9-1e0450f4642203295d608ae7;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:40:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8dC4GSe5AF5KwnRyX-__AxJrDkoG0X87mLI40KtYrqrVhBs016V4Rg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 21:41:30 GMT
age: 2678
etag: "bd207107f5c6b48295da4b51fc1d3b5f571702d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2193431d88baf9af6829421cd13743ff
a192ab139ad0dc5cf206986eb06028ddad224e46
c535e09fb4a53ca580f5f5926d1494c50b6ad6c7c9ec78df6b7015213852b737
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9720
x-amzn-requestid: 6b4749ca-bcb9-4274-a309-e6d463851a6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aV_n6FOSIAMFroA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524632-56186f1f2a0bf68f6dba843b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DjRLNrY4BFc3GwHGBW40LIyh-RYT3hshdKPxXok4KE97fGvatXN6yQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 11:05:53 GMT
age: 40815
etag: "a192ab139ad0dc5cf206986eb06028ddad224e46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9608b604-2fb0-4009-9b22-93d14b2b82a1.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9608b604-2fb0-4009-9b22-93d14b2b82a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deef89b8848bc9e554885d50334d12a2
ccad3b77484eaa6b7753aee1252e330fb3a897fe
b65cc5438a40809026d98b9cbe210b9f56d0b055def5a8b03516ac54a5ff82b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9608b604-2fb0-4009-9b22-93d14b2b82a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10727
x-amzn-requestid: 1a1d87f9-4187-45aa-a329-bfcff8ed2981
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arw32FBxoAMFsmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635afb65-163911f12df777e0414e2076;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:43:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oS9JLMr8w10N9Gr6r_PD-x286hBhdKphPgvcqM5PJNdJBn6-idKgpA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 22:02:11 GMT
age: 1437
etag: "ccad3b77484eaa6b7753aee1252e330fb3a897fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fc8f8f0-162f-412f-aae9-5d8f363b48af.jpeg
34.120.237.76 200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fc8f8f0-162f-412f-aae9-5d8f363b48af.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46deaa111c196a313a563af1e22921a1
c5d29e8859c7d885c5f4829a1fb64e144267ab13
6776e0f75644cc543388587de52bbb78f39cd058cb751e7e84cdd3ca8baa0c9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fc8f8f0-162f-412f-aae9-5d8f363b48af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2987
x-amzn-requestid: 14097870-fb20-4362-b281-4244cf558033
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arv19Fb4IAMFuoA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635af9bf-6c59ff2a3f54af5b675696cf;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:35:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UyYN42fsF2EDEnRYd9ebhfBVnl3CojcYRnzl8tifoVctvZm5xmGdOw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 21:41:18 GMT
age: 2690
etag: "c5d29e8859c7d885c5f4829a1fb64e144267ab13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ezcasinowinners.club/au/aweber/lp1/5e67f0a6ca01e_v.png
104.21.21.40 200 OK 13 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a6ca01e_v.png
IP 104.21.21.40:0
File type PNG image data, 268 x 126, 8-bit/color RGBA, non-interlaced\012- data
Hash 4e9495005c85cc7cfbda4466110e48a8
3f6879faa94d4c3a767d4350a3cac329e433854e
ea2f092d35c2e705e0018963035cd06b13c9dc20dd892c0c011ee0473a05cd1a
GET /au/aweber/lp1/5e67f0a6ca01e_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:08 GMT
Content-Type: image/png
Content-Length: 13376
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:58:47 GMT
ETag: "6102d037-3440"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRAncx4WkuQ%2BPL2fV0Gyy%2BXcHqnGCbldb8or%2Fu%2FKI35BSWhTrUk0%2F8O8er7UREEN5iNHfGvxbRCh49DAZDAaf7RHVHWelk4iU9S1JRphn7LaOiAbNLRT%2Ft2b1h1%2FJCp%2Fo%2FG4Hz%2BBVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00dc9eb4f3-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a85429d_v.png
104.21.21.40 200 OK 27 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a85429d_v.png
IP 104.21.21.40:0
File type PNG image data, 274 x 417, 8-bit colormap, non-interlaced\012- data
Hash fb6e700a3ec0afc5fb1988945bc01626
bd928bf177a203ee50b790b106df75d751771107
d9a0805ff6c8dfa8a676d3b19684c465469e1265177ee9747ce88a497714fcd5
GET /au/aweber/lp1/5e67f0a85429d_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/png
Content-Length: 26774
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:35 GMT
ETag: "6102d067-6896"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJNPosKS1qAENbYEFnZ172VRrodOn6ZYfKYO3HDLQVktlOvJ7LozsXUJmT98AaSl2GwdqSyP4m0Z0tAUG2oRUIe2KMVFXfiRzBFhrc%2FRmKOnsrCAR%2BwmJmMH4LBRLu6xviMhNjhaXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00dbfeb4f4-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/cashhc.png
104.21.21.40 200 OK 32 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/cashhc.png
IP 104.21.21.40:0
File type PNG image data, 363 x 284, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c52de939909399530fe68c55d5d6c92
4c7b5a3461347694c6f8076c6a3192896909426b
ef9623401696a4c11151defd6e88c23175f831447eab99b2b49ef9501884e0a6
GET /au/aweber/lp1/cashhc.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/png
Content-Length: 31615
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:33 GMT
ETag: "6102d065-7b7f"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TmL071zg3aKHkEIKWqhKCg8zfn5EvsWuUgO0KnCnXi0NewzShztTC2gliQ1yswkMU1NIanvum1D5Q3Sbmj9e7mwq%2Fw%2BeLMG3z%2B5DquOFkJSicNvHF7T1VFaauSn7LJ2lhlWokn3Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00dc2fb518-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a828b4f_v.png
104.21.21.40 200 OK 46 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a828b4f_v.png
IP 104.21.21.40:0
File type PNG image data, 277 x 558, 8-bit colormap, non-interlaced\012- data
Hash cf230c7057040526271ef730a4f2c538
0cd0c1e88e60ad9ce4a70df1ba80c3c8879cda01
5d2d98590f2a25919b105a484458d20e03298c4369d5f1be42b03e76799fb61c
GET /au/aweber/lp1/5e67f0a828b4f_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/png
Content-Length: 46237
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:21 GMT
ETag: "6102d059-b49d"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqhtpE7f7Rpj4XCf%2FfAuv6Jo9Zy1InVHjmGTG98w2zxmDj%2BOk8C5OmxmcPacVeXqxj1kHU%2B6RSm5MyTSQr1sZg%2Fs0Un2wk6Z5f2GkAWRk3Oqz6FSqMp5QgUDoLcsvaOk2snFrUtylg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00df75b52d-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a6b4533_v.jpg
104.21.21.40 200 OK 53 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a6b4533_v.jpg
IP 104.21.21.40:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Hash 88d7f03fd819c7aefcdb1074bb7990fa
882217405770ad036505e193943f34947fbafa48
c3a48888af05fd6567be6d09d13fa63fad286297bf9cd027718c7a7e355ad9ae
GET /au/aweber/lp1/5e67f0a6b4533_v.jpg HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/jpeg
Content-Length: 53443
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:06 GMT
ETag: "6102d04a-d0c3"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50jtEPEzqpeEI84lU5Drll7K5FrOdUj%2BOZyEx4DoH8d%2BE%2FBsiKbKV%2Fr8jHFqh2Z7m1m7S7IcUIt7wqxcFXav8629zcB9xE163v8Xfzeg8R4oGY8R3YqrHDizzu5B6KS5bhhUBBFFIw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00ea60b503-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=3391
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=90679&bid=undefined&aid=undefined&tp=3391
IP 139.45.197.236:0
Hash (digests of the empty 0 B body; they match any zero-length response)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=90679&bid=undefined&aid=undefined&tp=3391 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ezcasinowinners.club
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 22:26:09 GMT
access-control-allow-origin: http://ezcasinowinners.club
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d61f8399a1a311fdd8d801f117b9b2d0
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ezcasinowinners.club/au/aweber/lp1/5e67f0a6ef344_v.png
104.21.21.40 200 OK 6.5 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a6ef344_v.png
IP 104.21.21.40:0
File type PNG image data, 185 x 183, 8-bit colormap, non-interlaced\012- data
Hash 7816622da7fe6bb9b083251c85101dd1
eaa0af79fe084abb6b208d7694b04cf3784e80d0
1da0f0bfc01d6e5ed9d6dfb1ea07c9afb9100cf1a2be7879672059a7dd35c437
GET /au/aweber/lp1/5e67f0a6ef344_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/png
Content-Length: 6484
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:58:47 GMT
ETag: "6102d037-1954"
Expires: Sat, 26 Nov 2022 22:26:09 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hIitfYQISUpRmcPBER3CjZNvvZmmsRp67qdiAbmTGvgRwQVVkqrZ5%2B47L7tWfoc8Cgk5%2FEfIFkzzU2fMFIM0VQHx0iQ6ywSRb16Y%2B7TKkeBJGmRoiFSgT9bodregiOf1JpuImpHpMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda0859dbb503-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/coin.mp3
104.21.21.40 206 Partial Content 22 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/coin.mp3
IP 104.21.21.40:0
File type Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Hash MD5 c74dca6a3ab16c097234033fec7a8573
SHA1 a6e73f993b73d589b9688a0679bdac39028017a0
SHA256 79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56
Analyzer Verdict Alert fortinet Phishing
GET /au/aweber/lp1/coin.mp3 HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Thu, 27 Oct 2022 22:26:10 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:58:53 GMT
ETag: "6102d03d-5633"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tDBxiYWeWP6e9G1b8k5J0kH5n%2BEv7oY5ZNuDNdp7boNGzdJbVElFEwoUtIIm19iDxcjnMDY92TzzgsaUIe8UQAM7I6LBnl4oe7g99jzb8WLr9E6KA9s5H%2F2SsOQ1BABykirDwhLdsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 760eda073aacb518-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/coin.mp3
104.21.21.40 206 Partial Content 22 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/coin.mp3
IP 104.21.21.40:0
File type Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Hash MD5 c74dca6a3ab16c097234033fec7a8573
SHA1 a6e73f993b73d589b9688a0679bdac39028017a0
SHA256 79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56
Analyzer Verdict Alert fortinet Phishing
GET /au/aweber/lp1/coin.mp3 HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Thu, 27 Oct 2022 22:26:10 GMT
Content-Type: audio/mpeg
Content-Length: 22067
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:58:53 GMT
ETag: "6102d03d-5633"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osP20whA%2FI9Y%2FMLRMkIza5o7Uhje1esWBrJWOXdzFVxfO7cn22BdKc5VsKpkAwMvfJL%2FcApNfsVLH2yVOiCjhvQ9FlDqvlGKbgF4qy6cE253U45shvikRkRHRDeRHihMEDONI6YMgA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 760eda082b9fb52d-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/sound.mp3
104.21.21.40 206 Partial Content 49 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/sound.mp3
IP 104.21.21.40:0
File type Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash MD5 277c43fdefb88a30fe36f33a148600f0
SHA1 2bc68cf98b4b4902bc509c2b53af4baa7efe44d9
SHA256 9eaa1694cf0be56df45f5424b8b314d45ed55e9ac372e5f0b05bf586e5d4552c
Analyzer Verdict Alert fortinet Phishing
GET /au/aweber/lp1/sound.mp3 HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 206 Partial Content
Date: Thu, 27 Oct 2022 22:26:10 GMT
Content-Type: audio/mpeg
Content-Length: 48945
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:27 GMT
ETag: "6102d05f-bf31"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Content-Range: bytes 0-48944/48945
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FfbREpDJqp8kTpA3TYHnr0aq32fvIdoXz7ug90ijCfgyDAZZdozMYV4R4snh99m8tbar2VOCpL%2B8HDMnnL4WvLYWU3oMUYyMB%2Fb3XGwpr4oL5E6JnC1qypi8YSIyC1pzg0sZOqiHRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 760eda06d8f4b4f4-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a655940_v.png
104.21.21.40 200 OK 77 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a655940_v.png
IP 104.21.21.40:0
File type PNG image data, 857 x 204, 8-bit/color RGBA, non-interlaced\012- data
Hash 22d35d6ee41512539e529961fd51f26b
fc8a8a521b4bbbb50871f7439effa916fa1e5a2b
ea18bede2d858dc8467bdc98c7fc9d751d1e1309476a5d5c81f0db96b66c505d
GET /au/aweber/lp1/5e67f0a655940_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:10 GMT
Content-Type: image/png
Content-Length: 76995
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:16 GMT
ETag: "6102d054-12cc3"
Expires: Sat, 26 Nov 2022 22:26:09 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EK%2F1SICh1ymj7%2B24FMWroLGEXGm%2Fitlh%2FQmQhdYlsoUOhkkasEv4wBEyueyojgu5TBopfjfC3uW%2BhRaHT08lhOYyvhTJ7I2t8vGY7Ct5XTrolmRxnYqd2lORfzflwioS4FaxvVhaiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda06488bb4f3-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a4b11b9_v.png
104.21.21.40 200 OK 757 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a4b11b9_v.png
IP 104.21.21.40:0
File type PNG image data, 872 x 872, 8-bit/color RGBA, non-interlaced\012- data
Size 757 kB (756748 bytes)
Hash 3ef027366bb237fd9eb040ccad94198c
3e588f5915a38786a29e2e1b10cbf9df4e09004c
4836e6c4891318fd9b274ec2076d04d0f0df3460b9d7d051894c55fd5334c2e7
GET /au/aweber/lp1/5e67f0a4b11b9_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/index.html
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:09 GMT
Content-Type: image/png
Content-Length: 756748
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:58:46 GMT
ETag: "6102d036-b8c0c"
Expires: Sat, 26 Nov 2022 22:26:08 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvayfoIZ%2FKbwY90CrmE532vIqKi9tnxANJsXLRlUT0nTATbaZfcMF%2F%2FYTw5R1DMq1eiHTjqMesydokR1Nb1OPGyX2T%2Bc5bKbOTePcr4pPBib3Oux0trQOVKrcx41hoTiVi8n4vAljw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda00d89ab524-OSL
alt-svc: h2=":443"; ma=60
ezcasinowinners.club/au/aweber/lp1/5e67f0a83ba89_v.png
104.21.21.40 200 OK 7.4 kB URL HTTP/1.1 ezcasinowinners.club/au/aweber/lp1/5e67f0a83ba89_v.png
IP 104.21.21.40:0
File type PNG image data, 426 x 137, 8-bit colormap, non-interlaced\012- data
Hash 9e245319753e82681922d644b1983d8e
6ddbf0b42027c06e4bcee68a9bb1019fcaf943aa
2c9bcdd3153da3c92abc1b4403b50e4f911dd27f401aff620a717ad1a0d78667
GET /au/aweber/lp1/5e67f0a83ba89_v.png HTTP/1.1
Host: ezcasinowinners.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezcasinowinners.club/au/aweber/lp1/style.css
HTTP/1.1 200 OK
Date: Thu, 27 Oct 2022 22:26:10 GMT
Content-Type: image/png
Content-Length: 7401
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 15:59:30 GMT
ETag: "6102d062-1ce9"
Expires: Sat, 26 Nov 2022 22:26:10 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvfEmvAKjLP9ulMNRcGVwKKnvolke5kukfWXvz4VA5ChlF4NRWeasbWilxFSd6jQKEGg8RMV2AWS%2FmfMY9PXDCJFoQLaVmtDJGWivozd8vShdS4fQ%2BGcplFTC4M1w6Z0IhtFOlal7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 760eda0bfd19b503-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=90679&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash (digests of the empty 0 B body; they match any zero-length response)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=90679&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ezcasinowinners.club
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 22:26:10 GMT
access-control-allow-origin: http://ezcasinowinners.club
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 94f3ef1b31326ef1fb686fce3d92e59a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4fada07-6e75-444a-8262-1c027c7be385.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4fada07-6e75-444a-8262-1c027c7be385.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cf038646b6fb2335435f816f2561f3f
5de415be18d7a9186bc05a1dd94e45f40602b76d
9bf84cbfd9d93dc382846bf99b2f3b9a2bc576bea916dcb63c0e5bafabedad88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4fada07-6e75-444a-8262-1c027c7be385.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9704
x-amzn-requestid: 627b33be-c731-45ab-bf35-a801627d2fbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: arv3EFoVoAMFTnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635af9c6-152fb7a5440759e165decf98;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 21:36:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Cam7WBkoY5EnFffBwxu4eSGzuf3YwmZ3QWSOigTKVjmIbRvGyr2EgA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 21:41:18 GMT
age: 2697
etag: "5de415be18d7a9186bc05a1dd94e45f40602b76d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 92eb4526c8e4ce6da68ba4f0fc35dc1c
c7490fa4c674a718dbc2e1acecf89fd9bba583a9
af45f9fee6aa64fc04ecde90c131cc2b65e86ecc88966f33163920b3c9fa2d51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF45F9FEE6AA64FC04ECDE90C131CC2B65E86ECC88966F33163920B3C9FA2D51"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2468
Expires: Thu, 27 Oct 2022 23:07:24 GMT
Date: Thu, 27 Oct 2022 22:26:16 GMT
Connection: keep-alive
propeller-tracking.com/fv.js?t=90679
139.45.197.240 200 OK 0 B URL HTTP/2 propeller-tracking.com/fv.js?t=90679
IP 139.45.197.240:0
GET /fv.js?t=90679 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ezcasinowinners.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 22:26:07 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c091b2cffaec3f4b8c8346fcc4caaa3c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2