Report - tx.vc/r/3BZ9u

Report Overview

Submitted URL
tx.vc/r/3BZ9u
IP
75.2.93.90
ASN
#16509 AMAZON-02
Submitted
2023-01-20 19:15:59
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
shavar.services.mozilla.com	3602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	204 B	34.223.232.211
www.mrfreeslots.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	844 kB	18.197.71.232
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.162.52.254
tx.vc	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	725 B	75.2.93.90
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
res.cloudinary.com	2520	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.3 kB	98 kB	151.101.193.137
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	50 kB	142.250.74.168
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	438 B	7.7 kB	104.17.24.14
www.googleoptimize.com	1604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	45 kB	142.250.74.78
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.6 kB	213 kB	35.241.9.150
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	887 B	143.204.42.165
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	886 B	196 kB	104.18.11.207
www.slotswise.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.0 kB	18.197.71.232
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.9 kB	95.101.11.115
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	40 kB	34.120.5.221
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.3
firefox-settings-attachments.cdn.mozilla.net	11509	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	412 B	808 kB	34.111.73.144
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	400 B	861 B	172.64.133.15
detectportal.firefox.com	1601	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	428 B	34.107.221.82
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.3 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-20	medium	www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/mfs_assets/css/footer.css?v=24	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/js/jquery.star-rating-svg.js	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/js/custom.js?v=24	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/js/jquery-3.3.1.min.js	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/fonts/JosefinSans-Regular.ttf	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/fonts/JosefinSans-Bold.ttf	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/fonts/Roboto-Light.ttf	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/mfs_assets/img/Logo.svg	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/fonts/Roboto-Bold.ttf	Phishing
2023-01-20	medium	www.mrfreeslots.com/static/fonts/RobotoCondensed-Light.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js	21 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:27 Last Seen2024-04-26 06:11:28 Times Seen16078 Hash 56456db9d72a4b380ed3cb63095e6022 6dbce88aee15b42f29083df7a07513cf3b486ba0 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2 Loading...

	www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M	113 kB	2023-03-13	2023-03-13
Pretty URL www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:09:40 Last Seen2023-03-13 04:09:40 Times Seen1 Hash 2e1d30ab0598da419fddfdbbfb03c59a 56b0de91c69b4e66b7fe549b6c09e90ab4706edf cb554cf6e8b92e533c27a99e87857e97a9a96ae142733668c7328086dbecd94b Loading...

	www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901	405 B	2023-03-12	2023-05-26
Pretty URL www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:13:05 Last Seen2023-05-26 19:10:26 Times Seen5 Hash fc484be908faca9d4cfb199f1e8acc6a 8d46754c09ee23afb50e0a4343ece58af5a01dfb 1bf5e45cecf5e7e34d33681bf3a4062f0e1b575755b546d00c6429d4c31817ab Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 07:43:42 Times Seen37086497 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901	3.3 kB	2023-03-08	2023-05-26
Pretty URL www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:34:23 Last Seen2023-05-26 19:10:26 Times Seen18 Hash b67ffa65e11275d6ca8b3bf81724a497 7e0b7515468e4dc8eb8a9b648ee113e899d221d6 1c966f2216a06d1569235fa10f05ea5b035cf8e5d8de42e23d2c779860bb99fe Loading...

	www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901	340 B	2023-03-13	2023-03-13
Pretty URL www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:09:40 Last Seen2023-03-13 04:09:40 Times Seen1 Hash 6b295f8cf2d98e91ec3202daee4d81ad f4b07404226e7dbd3a41e78f552acb93b9e166b0 d7ba3e9c88d7a0862bbcab16ded80c1be678c4b8b568da5c38fc34e2dc3fbe2a Loading...

	www.mrfreeslots.com/static/js/jquery.star-rating-svg.js	12 kB	2023-03-07	2024-02-14
Pretty URL www.mrfreeslots.com/static/js/jquery.star-rating-svg.js IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:11 Last Seen2024-02-14 08:46:33 Times Seen84 Hash af607d2208a57968ab7047f42d2e82a5 299c7600893333c708212f8b65689d748a148a8a 32a1ee2fe595384779fa1dd2c03d8848ee19bf1cf52d3d71f688274e474bae2d Loading...

	www.mrfreeslots.com/static/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-24
Pretty URL www.mrfreeslots.com/static/js/jquery-3.3.1.min.js IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:49 Last Seen2024-04-24 09:57:34 Times Seen167419 Hash a46fb81762396b7bf2020774a2fb4d9e fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7 d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-25
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-25 19:59:10 Times Seen19599 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901	369 B	2023-03-08	2023-05-26
Pretty URL www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:34:23 Last Seen2023-05-26 19:10:26 Times Seen19 Hash 2e9c99c0809055a141e5c0f950ed2a5e 87706d26ff58b4ee6e8a07f348bd31ea89b22985 0d9e7a01637dae3e3b469a206678658c036111675fdfc2d0c83bac2e78d8a0d6 Loading...

	www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901	294 B	2023-03-08	2023-05-26
Pretty URL www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:34:23 Last Seen2023-05-26 19:10:26 Times Seen18 Hash 64e96399b8db5598a7c2d74563f3e86c 065c8a6047d692735ec9aa74d79b635f0b078bdd 0245246b1d05c4e3f010e3e496140697c5a604d7a4bfcff3c6d218cc491097d3 Loading...

	www.mrfreeslots.com/static/js/custom.js?v=24	2.5 kB	2023-03-08	2023-05-26
Pretty URL www.mrfreeslots.com/static/js/custom.js?v=24 IP 18.197.71.232 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:58 Last Seen2023-05-26 19:10:26 Times Seen53 Hash 5d16b20f6d0a08f897e59e8f1868810d 7825e4d97cf46f535bfc4b2d68f66ae64a5a1851 4cd0e6fcd1f5d7b1203899ff64770171e45a69c1770b3ddfc1692cdd1f4aaffe Loading...

HTTP Transactions (83)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Jan 2023 10:15:19 GMT
Age: 32423
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

tx.vc/r/3BZ9u

75.2.93.90

301 Moved Permanently

134 B

URL HTTP/1.1
tx.vc/r/3BZ9u
IP
75.2.93.90:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /r/3BZ9u HTTP/1.1
Host: tx.vc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 20 Jan 2023 19:15:42 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://tx.vc:443/r/3BZ9u

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4401
Expires: Fri, 20 Jan 2023 20:29:04 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aa1eb7cb9d11732fecca574bc559e922
c85ad8413e851db993b25fccd6b048f151297eaf
acb797a002530fa975759be3cecf6a7ab8efb754e2e5b16008d1ea39a624d995

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACB797A002530FA975759BE3CECF6A7AB8EFB754E2E5B16008D1EA39A624D995"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5492
Expires: Fri, 20 Jan 2023 20:47:15 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

39 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
39 kB (39066 bytes)
Hash
cf799618435ba54abdba98124e41846f
b3237b6b768a8cc627d78d8b30541eb9d87fdf00
9875897aec57a4e74146a23929bf03dee3b531336f98edf544cb5ef6a9ff3ce2

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: ngk2GyusLFCpRATED36iysLL5_j9Qt6Jv5thoAyi0tYx4mpDxlAKTw==
content-encoding: gzip
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 19:09:04 GMT
age: 399
content-type: application/json
content-length: 39066
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19851
Expires: Sat, 21 Jan 2023 00:46:34 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: a9ZXoCIRxOKuXyVm8C+J3BL1AKa0l3/3MxE5b3l+i1H8XyR87mCJXN9DEU3X0DUHHqifsqP1HIg=
x-amz-request-id: QWT03M9Q5PVXNG45
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 18:36:12 GMT
age: 2371
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2934
Expires: Fri, 20 Jan 2023 20:04:37 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 18:34:37 GMT
content-type: application/json
age: 2466
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 19:15:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
768cd30f1e1b2fe343173f1f0f9d4c2b
82f73d30e8bdf438dd91c274af17836628a43bcb
0e76760e198db89d26c17a23c64fb1689cdc4eeaf74cf7319f1d38e2f9514e6c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63c70b0b-1d7"
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oSKQG_VLUBG--2tRploxX6fNJCvW6-scFYnxHsDwVdyGXTkyU7a8Ug==

tx.vc/r/3BZ9u

99.83.131.60

302 Found

0 B

URL HTTP/2
tx.vc/r/3BZ9u
IP
99.83.131.60:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/3BZ9u HTTP/1.1
Host: tx.vc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Fri, 20 Jan 2023 19:15:43 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
server: Apache
x-frame-options: tx.vc
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f5fd3cdcda71c8f027ce632a3db5e5f3
1352de7ce2b040943c930aa242b6ae51b52a2d5a
3e5ca42c723a8e3d4617a8f4649b91df9113005766ef200c3210c58b2409200d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4128
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63c98404-1d7"
Last-Modified: Fri, 20 Jan 2023 18:06:55 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb10ed4e38879fe146c4f5f2167d6c0a
a642d9e17941cbc8ceb33ae58730c02d6417e8a8
3f654672631bcf027624670b9ac895bad0860555a49e0690a5e48dfcf50d3c14

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F654672631BCF027624670B9AC895BAD0860555A49E0690A5E48DFCF50D3C14"
Last-Modified: Fri, 20 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2894
Expires: Fri, 20 Jan 2023 20:03:57 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4841
Cache-Control: max-age=141113
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 10:27:36 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 18:17:28 GMT
age: 3495
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

34.223.232.211

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
34.223.232.211:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Fri, 20 Jan 2023 19:15:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901

18.197.71.232

200 OK

10 kB

URL HTTP/1.1
www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (581)
Size
10 kB (10111 bytes)
Hash
c37535b0d44717fcaa95a03a181fd352
b1537652f282515bb9b668b75817d90319a522bd
49a5db35a1c0883696c92d6111e5ee3448e98b5b819c82439d4754b5c8bf4959

HTTP Headers

GET /lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Vary: Accept-Encoding, Cookie, Accept-Language
Content-Language: en-gb
X-Content-Type-Options: nosniff
Set-Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; Path=/
visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; expires=Fri, 20 Jan 2023 22:15:43 GMT; Max-Age=10800; Path=/
da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; Path=/
csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; expires=Fri, 19 Jan 2024 19:15:43 GMT; Max-Age=31449600; Path=/; SameSite=Lax
sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; expires=Fri, 03 Feb 2023 19:15:43 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
Content-Encoding: gzip

www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24

18.197.71.232

200 OK

3.2 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
assembler source, ASCII text
Size
3.2 kB (3232 bytes)
Hash
eb35daa1816ff8eda17cf88ba366b007
22898895b6279343be2eca508b3935b409b313f2
ebe011a07198cdca52d620eceaa8e6018a8f6ca8c655900167d4c9035baf77d8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/mfs_assets/css/new_offers_page.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Tue, 28 Jun 2022 09:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

push.services.mozilla.com/

35.162.52.254

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.52.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3Gdb+e1dpArcWOVMW9NK7g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5IJ6d2Nv0W8D1NfzvdI8/yIIbxw=

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24

18.197.71.232

200 OK

1.3 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
assembler source, ASCII text
Size
1.3 kB (1281 bytes)
Hash
c50c81c69173e5ee771eeb26c88b344e
9ce0719dcbd78518e9dedd1ddfcf4786edaa8edb
1a3e63230a57c7d2736f5cd4170160dc6ce8e65dbfd55f42aeaa89006fd8cd13

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/mfs_assets/css/ticker-strip.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Thu, 18 Feb 2021 14:33:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

104.17.24.14

200 OK

6.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20831)
Size
6.6 kB (6646 bytes)
Hash
368c425fc94c424e1688caadefbed981
13d24c22c199ef6668d758434819f44307a65094
ed9c7a83e1c1300a93ecd08807a736ebe7b87ab8262a40bc7e3859d00a46a102

HTTP Headers

GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 6646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-520c"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 87333
expires: Wed, 10 Jan 2024 19:15:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZMP6Tt9IyEMd%2FYE9SvLFaw%2BvBo43eAZLQQqZ70Iy%2BYRwk7QbBBP5I2cwFWMdAM6h3sUnrEOTK1CZXyP7bgYYF%2FYZh8CQG%2B8H2Cs7QEUGNC%2BQCx4faYg87YWHVz5Ld6KfJgZwrWj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78ca23f888130b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Jan 2023 10:15:19 GMT
Age: 32425
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

www.mrfreeslots.com/static/css/star-rating-svg.css

18.197.71.232

200 OK

272 B

URL HTTP/1.1
www.mrfreeslots.com/static/css/star-rating-svg.css
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (487), with no line terminators
Size
272 B (272 bytes)
Hash
35e70490396b03528922aef96a7b6158
5c83e732b4159905c7ddae10bbed46374661a0e6
d796f1a85491909b73d77bc3509835503dbf70a9d49f05cede2d7653aaab47a7

HTTP Headers

GET /static/css/star-rating-svg.css HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Wed, 28 Oct 2020 15:55:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

www.mrfreeslots.com/static/mfs_assets/css/footer.css?v=24

18.197.71.232

200 OK

1.1 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/css/footer.css?v=24
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
assembler source, ASCII text
Size
1.1 kB (1148 bytes)
Hash
64d22e9b935b567b45479ab7029f1802
361fefbc1de598442c3491c392c57eb2d53b7de8
c3814d20b9c6f334f8c2c1d60ac4230a83cadb37961e9c4dcec8d1cbca03bd88

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/mfs_assets/css/footer.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
514f346a7af0070736d92010d541f239
78a4572852b5503a5ed2bb23fc0e4ae9376d9fcf
fb3a650465ebfe7483bb1f83da440188779e2e2cdb181bd082874609a66547ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:19:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

www.mrfreeslots.com/static/js/jquery.star-rating-svg.js

18.197.71.232

200 OK

3.9 kB

URL HTTP/1.1
www.mrfreeslots.com/static/js/jquery.star-rating-svg.js
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (661)
Size
3.9 kB (3920 bytes)
Hash
7bb300a2dbfed0ea4daaea7e47bd0c2c
d1cb2c5fb8692971359012a5167387554555a1c8
cee510b5f80fc1f4d6b275820a91551019098d2430688e7fd29f305dba32bf73

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/jquery.star-rating-svg.js HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 28 Oct 2020 15:55:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

www.mrfreeslots.com/static/js/custom.js?v=24

18.197.71.232

200 OK

926 B

URL HTTP/1.1
www.mrfreeslots.com/static/js/custom.js?v=24
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
926 B (926 bytes)
Hash
a712be49f55b9de162f2d8fd992af49b
ef0d07082f772dcd523878a4f24bc8b769affd67
00d86e8eb5c558945beabfb7a4fee49e6ae97784596786dcc49449af5465b32c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/custom.js?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Oct 2022 13:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

www.mrfreeslots.com/static/js/jquery-3.3.1.min.js

18.197.71.232

200 OK

30 kB

URL HTTP/1.1
www.mrfreeslots.com/static/js/jquery-3.3.1.min.js
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
30 kB (30288 bytes)
Hash
2d495f5054edf410ef67b9fe39614157
f5048eecb20bffb83bf13f272d2b6599d2ed1a89
97ada30dad98a4983f45c054190b82147114acf4145f843c1c9ee9cd3123f698

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Oct 2020 17:50:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip

www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M

142.250.74.78

200 OK

44 kB

URL HTTP/2
www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (44381 bytes)
Hash
ee13df3cea348093c30bff75d5451b98
c33c9fad76eba78d8b64d1a93f5f222f73ed911d
37c59d9e4f939f31cea11421ca330c0144a06d82878b184762f77a165d19e4a6

HTTP Headers

GET /optimize.js?id=OPT-KDLNH7M HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 19:15:44 GMT
expires: Fri, 20 Jan 2023 19:15:44 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44381
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
514f346a7af0070736d92010d541f239
78a4572852b5503a5ed2bb23fc0e4ae9376d9fcf
fb3a650465ebfe7483bb1f83da440188779e2e2cdb181bd082874609a66547ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:19:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22

35.241.9.150

200 OK

21 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Size
21 kB (20973 bytes)
Hash
18fb686545e1495981520cb6525e77e0
9dd1146cb0af54f84fb8eb6192ab7923003e5aa5
d117a578dc84728a86110f18ac99bb22eddef631efb52e41ad15af7ef1874b20

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Fri, 20 Jan 2023 18:42:05 GMT
last-modified: Fri, 20 Jan 2023 18:37:14 GMT
content-type: application/json
age: 2019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png

151.101.193.137

200 OK

17 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 700x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (16948 bytes)
Hash
b92bd49d2e421dca1a204911ea42b755
5c010f83078cadaef01a80d8558123840afc3351
60b295c97a180e8e2e28f9b4571d86838a652012f5cc303ede3b71f42569afea

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1644417426BUTLERS-BINGO.webp"
content-type: image/webp
etag: "b92bd49d2e421dca1a204911ea42b755"
last-modified: Tue, 10 May 2022 11:26:23 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 16948
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png

151.101.193.137

200 OK

11 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 700x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11274 bytes)
Hash
2551a94f7b4fdf4b0b7dda93a7bfa8d3
3e72a679af9784ea5a8473333a9d94a54e6eed17
cb9c4a412ead1919d3fd5cc9713788928f940e25155611e6a1856df5d11b31d6

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-disposition: inline; filename="1660128061FABULOUS_BINGO.webp"
content-type: image/webp
etag: "2551a94f7b4fdf4b0b7dda93a7bfa8d3"
last-modified: Wed, 10 Aug 2022 10:47:58 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 11274
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png

151.101.193.137

200 OK

14 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
14 kB (14370 bytes)
Hash
a89d87a7e15400df842858215f4b4b37
fe9609984457e9b674eac83bfc417737b81e5913
d1a7d2f833f4579264b48b2d28b64f6dc90e5b7bce24ef3c10f375372baf562e

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-disposition: inline; filename="16209886481612097818MIRROR_BINGO_2.webp"
content-type: image/webp
etag: "a89d87a7e15400df842858215f4b4b37"
last-modified: Tue, 10 May 2022 10:41:09 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=3;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 14370
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png

151.101.193.137

200 OK

12 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
12 kB (11620 bytes)
Hash
8866baad8b1658a5f287bbcfd699b7de
7e6f3e273c712e048dd03efe1c8ed47fbd595cb0
d4078121220b82b5bc311f81642b25a6fb40e557cec1498e44ca6a0b0a1e623a

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1665484498SLOTSBABY2.webp"
content-type: image/webp
etag: "8866baad8b1658a5f287bbcfd699b7de"
last-modified: Tue, 18 Oct 2022 12:56:39 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.318Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 11620
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22

35.241.9.150

200 OK

15 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (14594), with no line terminators
Size
15 kB (14594 bytes)
Hash
8b50a98d04dbb592246807c9d46e1cbb
0bd0fc6b9d02756975e43b02fcb1c0bbb1fb2520
0d2ebe72916412b1a538b68637263d5537f0f09a576e4498d84f2d38582f5a4f

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 14594
via: 1.1 google
date: Fri, 20 Jan 2023 18:47:28 GMT
last-modified: Fri, 20 Jan 2023 18:37:14 GMT
content-type: application/json
age: 1696
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png

151.101.193.137

200 OK

5.1 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.1 kB (5078 bytes)
Hash
45199d1036a60af39b047a316e393d8e
c93f4a226544df2786de87c339d629772484db5c
918f7883fb1ec703639d7998444c75f71baff6f152210d0ddc652ae77673d478

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1667486465MAGIC_RED.webp"
content-type: image/webp
etag: "45199d1036a60af39b047a316e393d8e"
last-modified: Tue, 08 Nov 2022 11:59:59 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=1;cpu=0;start=2023-01-20T19:15:44.320Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 5078
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png

151.101.193.137

200 OK

13 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
13 kB (12992 bytes)
Hash
1c07e9d64df9661679e7da1da6ef430a
33742243206eab074d159bd39346b335ce9cf052
8cf32a07f0bda07ece35d5632befd2eb222e3f7a93276940fe154817d8964c7d

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1651222407WILD-WEST-WINS.webp"
content-type: image/webp
etag: "1c07e9d64df9661679e7da1da6ef430a"
last-modified: Tue, 10 May 2022 10:41:08 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=4;cpu=1;start=2023-01-20T19:15:44.329Z;desc=hit,rtt;dur=17
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 12992
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-WLKT5NZ

142.250.74.168

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WLKT5NZ
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2773)
Size
50 kB (49558 bytes)
Hash
7394e7c3b3d5bd1fb3470a796bed55f9
7fefd0fabbd38206e3221ef02021f67fafef2828
e508206d213f5e4d5b3dddd28d3b6587368fb72bba0709bd6450573328d16632

HTTP Headers

GET /gtm.js?id=GTM-WLKT5NZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 19:15:44 GMT
expires: Fri, 20 Jan 2023 19:15:44 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.mrfreeslots.com/static/fonts/JosefinSans-Regular.ttf

18.197.71.232

200 OK

58 kB

URL HTTP/1.1
www.mrfreeslots.com/static/fonts/JosefinSans-Regular.ttf
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2010 The Josefin Sans Project Authors (https://github.com/ThomasJockin/JosefinSansFont\012- data
Size
58 kB (58548 bytes)
Hash
6762afeccd02d16a80409b78fb85251c
1320915dbd19243be53f5458f1b6f2881efc7e67
31ed94e56b1225f07307210cc2ea46e2209b71fe284423f6929f9cdab124e86d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/fonts/JosefinSans-Regular.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 58548
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-e4b4"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.mrfreeslots.com/static/fonts/JosefinSans-Bold.ttf

18.197.71.232

200 OK

58 kB

URL HTTP/1.1
www.mrfreeslots.com/static/fonts/JosefinSans-Bold.ttf
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2010 The Josefin Sans Project Authors (https://github.com/ThomasJockin/JosefinSansFont\012- data
Size
58 kB (58416 bytes)
Hash
9ac2a60828c8f6e627f4f628899398f0
b1b440257fcb021f25f1e845b3091e41189695c4
607a55db524faad26263089be4c1a7085072cf2ccf34b3546610288b418a0381

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/fonts/JosefinSans-Bold.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 58416
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-e430"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.mrfreeslots.com/static/mfs_assets/img/Background.png

18.197.71.232

200 OK

158 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/img/Background.png
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced\012- data
Size
158 kB (158359 bytes)
Hash
7f95101572540001a259b2bd538f77fc
5b0d4034173d3122182c9aa4e624d53ee7d0edc8
f56c29fbae418a9e54355df723b50bc69fe5f40811da2fc94af692fd6b993ca8

HTTP Headers

GET /static/mfs_assets/img/Background.png HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/png
Content-Length: 158359
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-26a97"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.mrfreeslots.com/static/fonts/Roboto-Light.ttf

18.197.71.232

200 OK

170 kB

URL HTTP/1.1
www.mrfreeslots.com/static/fonts/Roboto-Light.ttf
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 18 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto LightRegularVersion 2.137; 2017Roboto-Ligh\012- data
Size
170 kB (170012 bytes)
Hash
88823c2015ffd5fa89d567e17297a137
92cc3b6f9440193c12fd02ed690e434d685a9cc8
db02096a91c20ab62d459001a1059bc8d78caa35d637dc91494c4440815a6ac1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/fonts/Roboto-Light.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 170012
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-2981c"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png

151.101.193.137

200 OK

11 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
11 kB (10720 bytes)
Hash
6e3f56ab9c1ad2f326f65b24c5741980
b78055a51fb502f4be8d4d73db6d7d5e1eca5eea
603fe3177e5cfb91ba25da1ead2e8c40d9ae20d673d1eb9c066a04b144cb1e7c

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-disposition: inline; filename="1665577263SING_BINGO.webp"
content-type: image/webp
etag: "6e3f56ab9c1ad2f326f65b24c5741980"
last-modified: Wed, 12 Oct 2022 15:06:44 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=150;cpu=1;start=2023-01-20T19:15:44.307Z;desc=miss,rtt;dur=19,cloudinary;dur=56;start=2023-01-20T19:15:44.355Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 10720
X-Firefox-Spdy: h2

www.mrfreeslots.com/static/mfs_assets/img/Logo.svg

18.197.71.232

200 OK

2.4 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/img/Logo.svg
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2427), with no line terminators
Size
2.4 kB (2427 bytes)
Hash
f5737d1f1c7bdfa58856400df4c1df2d
adc94186482cb97a17918bebad0eb8042d515391
ef0bd6338222716b8f5cfb947f481e2d233b7edb01f2f7efb1ebacf3c37efd1e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/mfs_assets/img/Logo.svg HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/svg+xml
Content-Length: 2427
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-97b"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.mrfreeslots.com/static/fonts/Roboto-Bold.ttf

18.197.71.232

200 OK

170 kB

URL HTTP/1.1
www.mrfreeslots.com/static/fonts/Roboto-Bold.ttf
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size
170 kB (170348 bytes)
Hash
e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/fonts/Roboto-Bold.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 170348
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-2996c"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.mrfreeslots.com/static/fonts/RobotoCondensed-Light.ttf

18.197.71.232

200 OK

168 kB

URL HTTP/1.1
www.mrfreeslots.com/static/fonts/RobotoCondensed-Light.ttf
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
TrueType Font data, 18 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto Condensed LightRegularVersion 2.137; 2017R\012- data
Size
168 kB (167568 bytes)
Hash
885e5558c90864ddb72ad486f36470cc
b65ec310689040b32a54e62269e8b83e3c40f89e
e4787def35e6d46bb0bef6f6086cceddfc357476858b0e77b3587f6faebe666d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/fonts/RobotoCondensed-Light.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 167568
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-28e90"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png

151.101.193.137

200 OK

3.8 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.8 kB (3750 bytes)
Hash
602638d9c42c780b37033b330f390fa5
e8fac790801f179ada7f60cac029c67943e808fb
7d80f01fa2c60e5c7c712ab49a1aeefb24831a96dc69513e4f8da000465bb0a9

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1617025101POKERSTARS-CASINO.webp"
content-type: image/webp
etag: "602638d9c42c780b37033b330f390fa5"
last-modified: Tue, 10 May 2022 10:41:09 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=202;cpu=1;start=2023-01-20T19:15:44.323Z;desc=miss,rtt;dur=19,cloudinary;dur=109;start=2023-01-20T19:15:44.370Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 3750
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 18:49:34 GMT
content-type: application/json
age: 1570
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c9984d5c620e41ba04fb1532f748fb9
e0023265f90e595dfcfc67504fc47501b3fc026a
ed120934226911bd964e091ccb429df35520b93af4c5639d34838fa2a4006b33

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED120934226911BD964E091CCB429DF35520B93AF4C5639D34838FA2A4006B33"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 20 Jan 2023 20:26:34 GMT
Date: Fri, 20 Jan 2023 19:15:44 GMT
Connection: keep-alive

stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

104.18.11.207

200 OK

194 kB

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65324)
Size
194 kB (193775 bytes)
Hash
3aba9636589fe405ed993857f4913394
912cfb4f9e8962b19188d07f0be0a394e8c4a77a
3ea8a2a95bcc08cabd915c6b7de4c9390c55cdaf34a8775c49b72806683fd229

HTTP Headers

GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 01/04/2023 11:35:40
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: b9d09dc1f54a34472432b03e45b54619
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78ca23f8a962b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: wjePtn4DAnNmuTkdcDkI94NmqTCeeBOL4sF+sgho/Ciznhx86pIPnXU6bfNiMkwTryCb+vofr2E=
x-amz-request-id: NKRGS5M85MVAFN2M
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Tue, 17 Jan 2023 12:42:00 GMT
age: 282824
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png

151.101.193.137

200 OK

4.3 kB

URL HTTP/2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png
IP
151.101.193.137:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.3 kB (4276 bytes)
Hash
9422908728e9f9aa2f4713c9045ec687
84117a5dd1d33a06454c087ae1627339f75498f5
a7d122f591f6a55c449151a27df1651e8737a0cfaf1599cc9b941ce92ca4f28f

HTTP Headers

GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-disposition: inline; filename="1646257890BONUS-BOSS.webp"
content-type: image/webp
etag: "9422908728e9f9aa2f4713c9045ec687"
last-modified: Tue, 10 May 2022 13:05:28 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=434;cpu=0;start=2023-01-20T19:15:44.319Z;desc=miss,rtt;dur=19,cloudinary;dur=63;start=2023-01-20T19:15:44.644Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 4276
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22

35.241.9.150

200 OK

88 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (88028 bytes)
Hash
e6c4fd25ad64e2f08f2b55fb84462da9
36047bc5b7c3a56b20424868bc7fb6e3b6833511
ebb8d34419fca6a8794b5133ed4c4f66910d54481025dc29c6d3daa32a334bf8

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 88028
via: 1.1 google
date: Fri, 20 Jan 2023 19:11:35 GMT
age: 249
last-modified: Fri, 20 Jan 2023 05:28:42 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e07986e10c05c33f45491941cd3d4d7
387f33876d89468f9c62c5cb3e9daac321b1b705
237a9dcedc5d9ba8ae09283789124ff4d5e73c7dd51ef4b47a5a51afb565bb49

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "237A9DCEDC5D9BA8AE09283789124FF4D5E73C7DD51EF4B47A5A51AFB565BB49"
Last-Modified: Fri, 20 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 21 Jan 2023 01:15:44 GMT
Date: Fri, 20 Jan 2023 19:15:44 GMT
Connection: keep-alive

www.mrfreeslots.com/static/mfs_assets/img/Favicon.png

18.197.71.232

200 OK

1.7 kB

URL HTTP/1.1
www.mrfreeslots.com/static/mfs_assets/img/Favicon.png
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type
PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1727 bytes)
Hash
c6a853f0f5efb340594524a32afe03e4
34729b43c4e7714122c9e9e8d7623449a89feeea
8aae7d3977e78a2681b6d0ac4bf33fa2ab14e97d4221957e25d1cbf7ad4175c6

HTTP Headers

GET /static/mfs_assets/img/Favicon.png HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/png
Content-Length: 1727
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-6bf"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO

18.197.71.232

301 MOVED PERMANENTLY

0 B

URL HTTP/1.1
www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO HTTP/1.1
Host: www.slotswise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 MOVED PERMANENTLY
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN
Location: https://www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
Content-Language: en-gb
Access-Control-Allow-Origin: slotswise.com

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22

35.241.9.150

200 OK

17 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (17319), with no line terminators
Size
17 kB (17319 bytes)
Hash
d98a8694f5319841aca0ce5665cb70bd
0343776c07afb11211f5e6b9f5f54156190d37e3
317c9f3e63a171b7fb793250a9720ef5150cb4f795c2f6aa7808a7e589e6318e

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17319
via: 1.1 google
date: Fri, 20 Jan 2023 19:08:13 GMT
age: 451
last-modified: Thu, 19 Jan 2023 17:02:14 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO

18.197.71.232

200 OK

0 B

URL HTTP/1.1
www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
IP
18.197.71.232:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO HTTP/1.1
Host: www.slotswise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mrfreeslots.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept, Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN
Content-Language: en-gb
Allow: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: slotswise.com

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
d77c6f3eed3ee3299df7f69d5daa9a96
7089332f1140ccb768a7d778eca42b1f393d68cf
dd907320f63ca60a13d87eea545d3d918e002d23a042f2c31161c9fa5734c3fc

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Fri, 20 Jan 2023 19:10:33 GMT
age: 312
last-modified: Thu, 19 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22

35.241.9.150

200 OK

2.1 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2143), with no line terminators
Size
2.1 kB (2143 bytes)
Hash
adc8f38454b04c324a51f1b3663f110a
12e1d854cc80650b9e00a27eb4ebdc93101e6a51
6bfe98ae6ffe807dc29b973716fdbf44b730fd23ff7941106e9da9d5a366b9f5

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2143
via: 1.1 google
date: Fri, 20 Jan 2023 19:14:11 GMT
age: 94
last-modified: Thu, 19 Jan 2023 12:49:37 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22

35.241.9.150

200 OK

54 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (53706), with no line terminators
Size
54 kB (53706 bytes)
Hash
a81163f84d5323ac2c0f2e9186cb849d
123b9f65d4c66b2bf660d2b091abbcf719180538
cf7c529c0bfe41c88763a85c284bcee25ddc27f68858d1030b4b04434d1839fa

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 53706
via: 1.1 google
date: Fri, 20 Jan 2023 18:47:29 GMT
age: 1696
last-modified: Wed, 18 Jan 2023 20:21:56 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1718), with no line terminators
Size
1.7 kB (1718 bytes)
Hash
3292ba62caa5fec67ea0d90d1e97e8da
b61394006887664253e50ea6f021c6254ae16b9b
a3dfe94751c3f663fd11c09cc52e9d61ee8713906a7d657305b40b33078fe30e

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1718
via: 1.1 google
date: Fri, 20 Jan 2023 18:27:12 GMT
age: 2913
last-modified: Mon, 16 Jan 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1251), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
a15652d2ad5a61b333b603a147df4087
f737222311cbc30f90aeacadea9f48e460710e74
c49c6ab42f400eab679ca2a696f76e8083c9ac8fa81f45716ec027a12d29fab9

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1251
via: 1.1 google
date: Fri, 20 Jan 2023 18:25:11 GMT
age: 3034
last-modified: Mon, 16 Jan 2023 16:36:42 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

682 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
668f51f448163fe951f3449c028bfd40
8d624c9419b30c8be7f62724ccd6095f7c4794ef
f3feec2c60186018c18cfcd262d851e35223e8285139c96a89335bb473972395

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Fri, 20 Jan 2023 18:24:37 GMT
age: 3068
last-modified: Fri, 13 Jan 2023 16:36:53 GMT
etag: "1673627813356"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

934 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (934), with no line terminators
Size
934 B (934 bytes)
Hash
20b9199d0871aa8d1f02e09fc0de6a48
874015ed48e4ccc4d1d3dc4a979d50eaeb059d8c
07214176412ea5e83b5be84ca1d401061fac8b20275e2ee7da3189de2fdba7ed

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 934
via: 1.1 google
date: Fri, 20 Jan 2023 18:32:29 GMT
age: 2596
last-modified: Fri, 13 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10867 bytes)
Hash
3638dc76d0638625ac9a31c038df3a44
deff1903d591273a96d538ae77988d8a080e228c
8382af3843ebeca8e5c13fdd60f7fb92b479915416f36686fce40566fd87ce68

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10867
x-amzn-requestid: 8d882e21-d4c5-49ac-b76a-198cec065377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnVTEfpoAMFgJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8ee-6579537e6a82269f4bc99395;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:41:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 83ssVBkpe4gl1kI8bKYu90Vee3r32V_IiqQxtvt_TfAFk6DsDfyoTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:09:52 GMT
age: 75953
etag: "deff1903d591273a96d538ae77988d8a080e228c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13812 bytes)
Hash
d3af2d51fb89ef0261ba025d76169261
9b3f4e3f63b64030624e02ad6ab8ef43a676dd66
c3d5a6f829dc59db8ed27a92fcfc6d387633bb43388e2c19d68b89356a13b1cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13812
x-amzn-requestid: c80287a0-4ce9-47bf-9658-693431f30a49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFEvIAMF1lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-6d73a53e2ffc2ec505dff89b;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y8DaJvgqntmOKzXMdwFwsibvll4D9YUqDz0XsbbhcKKiYEazXiag7A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:36 GMT
age: 75789
etag: "9b3f4e3f63b64030624e02ad6ab8ef43a676dd66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5351 bytes)
Hash
1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XH59pHdrdzBmByq_DN9OlVh-Y3MGiR-V9KzWnaR9QR_7evQt--UOdA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:09:42 GMT
age: 43563
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7111 bytes)
Hash
f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:54 GMT
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
age: 75771
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
5553b06c7dde4dc377f9f4e65bc8ace7
9dca5486485416d1aef199be08a50abd717addc7
33a5d1a21738218e0a6fe16d79045bd390af2e84073330a0a94c03812e1ba3ba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 70710215-b8fd-44eb-8b50-f0948f98366c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFNvoAMF3ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-19e7e3865ce991cb5447f0f2;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Fc9dIiT5QQaTowAA6lp8ffJl4Niq3i_iVe54lYhAV52kJ8Q98EMJqQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:44 GMT
age: 76261
etag: "9dca5486485416d1aef199be08a50abd717addc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5588 bytes)
Hash
6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ruj2jeo2zhuDhIPufqckFmqP0Cx7ECNYRyxBYgQbHhkWH4o3m1L-OQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:29 GMT
age: 75796
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.6.3/css/all.css

172.64.133.15

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.6.3/css/all.css
IP
172.64.133.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.6.3/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: text/css
x-amz-id-2: PFm9fUN0xas2W111Iiri/0dSDg95gX66LGBCZuSy+BB/89hYUurN0U6cPuND+nJjMfaoeC5iUOU=
x-amz-request-id: 1ZVBJN1S69T89QT1
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
etag: W/"dc93d584e41f8417f6b7163320d34329"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1012701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hcMR0WM92PGXOL7muyD5BWbvhEMz%2Bz7r%2FLTuqAFQLBl1utMHq7l9J5t7SeS01AugR%2FOvT7CgajGrZ4wNZUtwhkyQ0Sqj%2F0QXJa1F8cyWcBBhQ2EjedON2w0Ft%2FydcAVO4ZAvw2WU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ca23f92b2e06d9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js

104.18.11.207

200 OK

0 B

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"e1d98d47689e00f8ecbc5d9f61bdb42e"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 01/05/2023 11:06:25
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1079
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0bca493cca1ea7ef24e203dced01216e
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78ca23f8d9c8b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL