detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Jan 2023 10:15:19 GMT
Age: 32423
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
tx.vc/r/3BZ9u
75.2.93.90 301 Moved Permanently 134 B IP 75.2.93.90:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /r/3BZ9u HTTP/1.1
Host: tx.vc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 20 Jan 2023 19:15:42 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://tx.vc:443/r/3BZ9u
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4401
Expires: Fri, 20 Jan 2023 20:29:04 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash aa1eb7cb9d11732fecca574bc559e922
c85ad8413e851db993b25fccd6b048f151297eaf
acb797a002530fa975759be3cecf6a7ab8efb754e2e5b16008d1ea39a624d995
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACB797A002530FA975759BE3CECF6A7AB8EFB754E2E5B16008D1EA39A624D995"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5492
Expires: Fri, 20 Jan 2023 20:47:15 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
34.120.5.221 200 OK 39 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash cf799618435ba54abdba98124e41846f
b3237b6b768a8cc627d78d8b30541eb9d87fdf00
9875897aec57a4e74146a23929bf03dee3b531336f98edf544cb5ef6a9ff3ce2
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: ngk2GyusLFCpRATED36iysLL5_j9Qt6Jv5thoAyi0tYx4mpDxlAKTw==
content-encoding: gzip
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 19:09:04 GMT
age: 399
content-type: application/json
content-length: 39066
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19851
Expires: Sat, 21 Jan 2023 00:46:34 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: a9ZXoCIRxOKuXyVm8C+J3BL1AKa0l3/3MxE5b3l+i1H8XyR87mCJXN9DEU3X0DUHHqifsqP1HIg=
x-amz-request-id: QWT03M9Q5PVXNG45
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 18:36:12 GMT
age: 2371
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2934
Expires: Fri, 20 Jan 2023 20:04:37 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 18:34:37 GMT
content-type: application/json
age: 2466
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 19:15:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 768cd30f1e1b2fe343173f1f0f9d4c2b
82f73d30e8bdf438dd91c274af17836628a43bcb
0e76760e198db89d26c17a23c64fb1689cdc4eeaf74cf7319f1d38e2f9514e6c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63c70b0b-1d7"
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oSKQG_VLUBG--2tRploxX6fNJCvW6-scFYnxHsDwVdyGXTkyU7a8Ug==
tx.vc/r/3BZ9u
99.83.131.60 302 Found 0 B IP 99.83.131.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r/3BZ9u HTTP/1.1
Host: tx.vc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 20 Jan 2023 19:15:43 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
server: Apache
x-frame-options: tx.vc
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f5fd3cdcda71c8f027ce632a3db5e5f3
1352de7ce2b040943c930aa242b6ae51b52a2d5a
3e5ca42c723a8e3d4617a8f4649b91df9113005766ef200c3210c58b2409200d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4128
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63c98404-1d7"
Last-Modified: Fri, 20 Jan 2023 18:06:55 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash eb10ed4e38879fe146c4f5f2167d6c0a
a642d9e17941cbc8ceb33ae58730c02d6417e8a8
3f654672631bcf027624670b9ac895bad0860555a49e0690a5e48dfcf50d3c14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F654672631BCF027624670B9AC895BAD0860555A49E0690A5E48DFCF50D3C14"
Last-Modified: Fri, 20 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2894
Expires: Fri, 20 Jan 2023 20:03:57 GMT
Date: Fri, 20 Jan 2023 19:15:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4841
Cache-Control: max-age=141113
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:43 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 10:27:36 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 18:17:28 GMT
age: 3495
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
34.223.232.211 200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 34.223.232.211:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Fri, 20 Jan 2023 19:15:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
18.197.71.232 200 OK 10 kB URL HTTP/1.1 www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
IP 18.197.71.232:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (581)
Hash c37535b0d44717fcaa95a03a181fd352
b1537652f282515bb9b668b75817d90319a522bd
49a5db35a1c0883696c92d6111e5ee3448e98b5b819c82439d4754b5c8bf4959
GET /lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Vary: Accept-Encoding, Cookie, Accept-Language
Content-Language: en-gb
X-Content-Type-Options: nosniff
Set-Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; Path=/
visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; expires=Fri, 20 Jan 2023 22:15:43 GMT; Max-Age=10800; Path=/
da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; Path=/
csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; expires=Fri, 19 Jan 2024 19:15:43 GMT; Max-Age=31449600; Path=/; SameSite=Lax
sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; expires=Fri, 03 Feb 2023 19:15:43 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
Content-Encoding: gzip
www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24
18.197.71.232 200 OK 3.2 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24
IP 18.197.71.232:0
File type assembler source, ASCII text
Hash eb35daa1816ff8eda17cf88ba366b007
22898895b6279343be2eca508b3935b409b313f2
ebe011a07198cdca52d620eceaa8e6018a8f6ca8c655900167d4c9035baf77d8
Analyzer Verdict Alert fortinet Phishing
GET /static/mfs_assets/css/new_offers_page.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Tue, 28 Jun 2022 09:37:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
push.services.mozilla.com/
35.162.52.254 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.52.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3Gdb+e1dpArcWOVMW9NK7g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5IJ6d2Nv0W8D1NfzvdI8/yIIbxw=
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
18.197.71.232 200 OK 1.3 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
IP 18.197.71.232:0
File type assembler source, ASCII text
Hash c50c81c69173e5ee771eeb26c88b344e
9ce0719dcbd78518e9dedd1ddfcf4786edaa8edb
1a3e63230a57c7d2736f5cd4170160dc6ce8e65dbfd55f42aeaa89006fd8cd13
Analyzer Verdict Alert fortinet Phishing
GET /static/mfs_assets/css/ticker-strip.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Thu, 18 Feb 2021 14:33:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
104.17.24.14 200 OK 6.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (20831)
Hash 368c425fc94c424e1688caadefbed981
13d24c22c199ef6668d758434819f44307a65094
ed9c7a83e1c1300a93ecd08807a736ebe7b87ab8262a40bc7e3859d00a46a102
GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 6646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-520c"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 87333
expires: Wed, 10 Jan 2024 19:15:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZMP6Tt9IyEMd%2FYE9SvLFaw%2BvBo43eAZLQQqZ70Iy%2BYRwk7QbBBP5I2cwFWMdAM6h3sUnrEOTK1CZXyP7bgYYF%2FYZh8CQG%2B8H2Cs7QEUGNC%2BQCx4faYg87YWHVz5Ld6KfJgZwrWj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78ca23f888130b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Jan 2023 10:15:19 GMT
Age: 32425
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
www.mrfreeslots.com/static/css/star-rating-svg.css
18.197.71.232 200 OK 272 B URL HTTP/1.1 www.mrfreeslots.com/static/css/star-rating-svg.css
IP 18.197.71.232:0
File type ASCII text, with very long lines (487), with no line terminators
Hash 35e70490396b03528922aef96a7b6158
5c83e732b4159905c7ddae10bbed46374661a0e6
d796f1a85491909b73d77bc3509835503dbf70a9d49f05cede2d7653aaab47a7
GET /static/css/star-rating-svg.css HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Wed, 28 Oct 2020 15:55:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
www.mrfreeslots.com/static/mfs_assets/css/footer.css?v=24
18.197.71.232 200 OK 1.1 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/css/footer.css?v=24
IP 18.197.71.232:0
File type assembler source, ASCII text
Hash 64d22e9b935b567b45479ab7029f1802
361fefbc1de598442c3491c392c57eb2d53b7de8
c3814d20b9c6f334f8c2c1d60ac4230a83cadb37961e9c4dcec8d1cbca03bd88
Analyzer Verdict Alert fortinet Phishing
GET /static/mfs_assets/css/footer.css?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/css
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 514f346a7af0070736d92010d541f239
78a4572852b5503a5ed2bb23fc0e4ae9376d9fcf
fb3a650465ebfe7483bb1f83da440188779e2e2cdb181bd082874609a66547ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:19:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
www.mrfreeslots.com/static/js/jquery.star-rating-svg.js
18.197.71.232 200 OK 3.9 kB URL HTTP/1.1 www.mrfreeslots.com/static/js/jquery.star-rating-svg.js
IP 18.197.71.232:0
File type ASCII text, with very long lines (661)
Hash 7bb300a2dbfed0ea4daaea7e47bd0c2c
d1cb2c5fb8692971359012a5167387554555a1c8
cee510b5f80fc1f4d6b275820a91551019098d2430688e7fd29f305dba32bf73
Analyzer Verdict Alert fortinet Phishing
GET /static/js/jquery.star-rating-svg.js HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 28 Oct 2020 15:55:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
www.mrfreeslots.com/static/js/custom.js?v=24
18.197.71.232 200 OK 926 B URL HTTP/1.1 www.mrfreeslots.com/static/js/custom.js?v=24
IP 18.197.71.232:0
Hash a712be49f55b9de162f2d8fd992af49b
ef0d07082f772dcd523878a4f24bc8b769affd67
00d86e8eb5c558945beabfb7a4fee49e6ae97784596786dcc49449af5465b32c
Analyzer Verdict Alert fortinet Phishing
GET /static/js/custom.js?v=24 HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Oct 2022 13:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a14558836cdd154e38d745b780f845f2
b14541c48d6522fd7b54f589fe344260e3874529
53370da335862dbc0b95831deff8326a3c1b2521278a87e8febf7823d249e7da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:20:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
www.mrfreeslots.com/static/js/jquery-3.3.1.min.js
18.197.71.232 200 OK 30 kB URL HTTP/1.1 www.mrfreeslots.com/static/js/jquery-3.3.1.min.js
IP 18.197.71.232:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 2d495f5054edf410ef67b9fe39614157
f5048eecb20bffb83bf13f272d2b6599d2ed1a89
97ada30dad98a4983f45c054190b82147114acf4145f843c1c9ee9cd3123f698
Analyzer Verdict Alert fortinet Phishing
GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 23 Oct 2020 17:50:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M
142.250.74.78 200 OK 44 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-KDLNH7M
IP 142.250.74.78:0
File type ASCII text, with very long lines (1921)
Hash ee13df3cea348093c30bff75d5451b98
c33c9fad76eba78d8b64d1a93f5f222f73ed911d
37c59d9e4f939f31cea11421ca330c0144a06d82878b184762f77a165d19e4a6
GET /optimize.js?id=OPT-KDLNH7M HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 19:15:44 GMT
expires: Fri, 20 Jan 2023 19:15:44 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44381
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 514f346a7af0070736d92010d541f239
78a4572852b5503a5ed2bb23fc0e4ae9376d9fcf
fb3a650465ebfe7483bb1f83da440188779e2e2cdb181bd082874609a66547ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 19:15:44 GMT
Last-Modified: Fri, 20 Jan 2023 18:19:07 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22
35.241.9.150 200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Hash 18fb686545e1495981520cb6525e77e0
9dd1146cb0af54f84fb8eb6192ab7923003e5aa5
d117a578dc84728a86110f18ac99bb22eddef631efb52e41ad15af7ef1874b20
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221674239834335%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Fri, 20 Jan 2023 18:42:05 GMT
last-modified: Fri, 20 Jan 2023 18:37:14 GMT
content-type: application/json
age: 2019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png
151.101.193.137 200 OK 17 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 700x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b92bd49d2e421dca1a204911ea42b755
5c010f83078cadaef01a80d8558123840afc3351
60b295c97a180e8e2e28f9b4571d86838a652012f5cc303ede3b71f42569afea
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/02/09/1644417426BUTLERS-BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1644417426BUTLERS-BINGO.webp"
content-type: image/webp
etag: "b92bd49d2e421dca1a204911ea42b755"
last-modified: Tue, 10 May 2022 11:26:23 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 16948
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png
151.101.193.137 200 OK 11 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 700x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2551a94f7b4fdf4b0b7dda93a7bfa8d3
3e72a679af9784ea5a8473333a9d94a54e6eed17
cb9c4a412ead1919d3fd5cc9713788928f940e25155611e6a1856df5d11b31d6
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/08/10/1660128061FABULOUS_BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-disposition: inline; filename="1660128061FABULOUS_BINGO.webp"
content-type: image/webp
etag: "2551a94f7b4fdf4b0b7dda93a7bfa8d3"
last-modified: Wed, 10 Aug 2022 10:47:58 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 11274
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png
151.101.193.137 200 OK 14 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a89d87a7e15400df842858215f4b4b37
fe9609984457e9b674eac83bfc417737b81e5913
d1a7d2f833f4579264b48b2d28b64f6dc90e5b7bce24ef3c10f375372baf562e
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/05/14/16209886481612097818MIRROR_BINGO_2.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-disposition: inline; filename="16209886481612097818MIRROR_BINGO_2.webp"
content-type: image/webp
etag: "a89d87a7e15400df842858215f4b4b37"
last-modified: Tue, 10 May 2022 10:41:09 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=3;cpu=1;start=2023-01-20T19:15:44.307Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 14370
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png
151.101.193.137 200 OK 12 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8866baad8b1658a5f287bbcfd699b7de
7e6f3e273c712e048dd03efe1c8ed47fbd595cb0
d4078121220b82b5bc311f81642b25a6fb40e557cec1498e44ca6a0b0a1e623a
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/11/1665484498SLOTSBABY2.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1665484498SLOTSBABY2.webp"
content-type: image/webp
etag: "8866baad8b1658a5f287bbcfd699b7de"
last-modified: Tue, 18 Oct 2022 12:56:39 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=2;cpu=1;start=2023-01-20T19:15:44.318Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 11620
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22
35.241.9.150 200 OK 15 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (14594), with no line terminators
Hash 8b50a98d04dbb592246807c9d46e1cbb
0bd0fc6b9d02756975e43b02fcb1c0bbb1fb2520
0d2ebe72916412b1a538b68637263d5537f0f09a576e4498d84f2d38582f5a4f
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674239834335&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 14594
via: 1.1 google
date: Fri, 20 Jan 2023 18:47:28 GMT
last-modified: Fri, 20 Jan 2023 18:37:14 GMT
content-type: application/json
age: 1696
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png
151.101.193.137 200 OK 5.1 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 45199d1036a60af39b047a316e393d8e
c93f4a226544df2786de87c339d629772484db5c
918f7883fb1ec703639d7998444c75f71baff6f152210d0ddc652ae77673d478
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/11/03/1667486465MAGIC_RED.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1667486465MAGIC_RED.webp"
content-type: image/webp
etag: "45199d1036a60af39b047a316e393d8e"
last-modified: Tue, 08 Nov 2022 11:59:59 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=1;cpu=0;start=2023-01-20T19:15:44.320Z;desc=hit,rtt;dur=19
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 5078
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png
151.101.193.137 200 OK 13 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1c07e9d64df9661679e7da1da6ef430a
33742243206eab074d159bd39346b335ce9cf052
8cf32a07f0bda07ece35d5632befd2eb222e3f7a93276940fe154817d8964c7d
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/04/29/1651222407WILD-WEST-WINS.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1651222407WILD-WEST-WINS.webp"
content-type: image/webp
etag: "1c07e9d64df9661679e7da1da6ef430a"
last-modified: Tue, 10 May 2022 10:41:08 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=4;cpu=1;start=2023-01-20T19:15:44.329Z;desc=hit,rtt;dur=17
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 12992
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-WLKT5NZ
142.250.74.168 200 OK 50 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WLKT5NZ
IP 142.250.74.168:0
File type ASCII text, with very long lines (2773)
Hash 7394e7c3b3d5bd1fb3470a796bed55f9
7fefd0fabbd38206e3221ef02021f67fafef2828
e508206d213f5e4d5b3dddd28d3b6587368fb72bba0709bd6450573328d16632
GET /gtm.js?id=GTM-WLKT5NZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 19:15:44 GMT
expires: Fri, 20 Jan 2023 19:15:44 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mrfreeslots.com/static/fonts/JosefinSans-Regular.ttf
18.197.71.232 200 OK 58 kB URL HTTP/1.1 www.mrfreeslots.com/static/fonts/JosefinSans-Regular.ttf
IP 18.197.71.232:0
File type TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2010 The Josefin Sans Project Authors (https://github.com/ThomasJockin/JosefinSansFont\012- data
Hash 6762afeccd02d16a80409b78fb85251c
1320915dbd19243be53f5458f1b6f2881efc7e67
31ed94e56b1225f07307210cc2ea46e2209b71fe284423f6929f9cdab124e86d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/JosefinSans-Regular.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 58548
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-e4b4"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.mrfreeslots.com/static/fonts/JosefinSans-Bold.ttf
18.197.71.232 200 OK 58 kB URL HTTP/1.1 www.mrfreeslots.com/static/fonts/JosefinSans-Bold.ttf
IP 18.197.71.232:0
File type TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2010 The Josefin Sans Project Authors (https://github.com/ThomasJockin/JosefinSansFont\012- data
Hash 9ac2a60828c8f6e627f4f628899398f0
b1b440257fcb021f25f1e845b3091e41189695c4
607a55db524faad26263089be4c1a7085072cf2ccf34b3546610288b418a0381
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/JosefinSans-Bold.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 58416
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-e430"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.mrfreeslots.com/static/mfs_assets/img/Background.png
18.197.71.232 200 OK 158 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/img/Background.png
IP 18.197.71.232:0
File type PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced\012- data
Size 158 kB (158359 bytes)
Hash 7f95101572540001a259b2bd538f77fc
5b0d4034173d3122182c9aa4e624d53ee7d0edc8
f56c29fbae418a9e54355df723b50bc69fe5f40811da2fc94af692fd6b993ca8
GET /static/mfs_assets/img/Background.png HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/new_offers_page.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/png
Content-Length: 158359
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-26a97"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.mrfreeslots.com/static/fonts/Roboto-Light.ttf
18.197.71.232 200 OK 170 kB URL HTTP/1.1 www.mrfreeslots.com/static/fonts/Roboto-Light.ttf
IP 18.197.71.232:0
File type TrueType Font data, 18 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto LightRegularVersion 2.137; 2017Roboto-Ligh\012- data
Size 170 kB (170012 bytes)
Hash 88823c2015ffd5fa89d567e17297a137
92cc3b6f9440193c12fd02ed690e434d685a9cc8
db02096a91c20ab62d459001a1059bc8d78caa35d637dc91494c4440815a6ac1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Roboto-Light.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 170012
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-2981c"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png
151.101.193.137 200 OK 11 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6e3f56ab9c1ad2f326f65b24c5741980
b78055a51fb502f4be8d4d73db6d7d5e1eca5eea
603fe3177e5cfb91ba25da1ead2e8c40d9ae20d673d1eb9c066a04b144cb1e7c
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/10/12/1665577263SING_BINGO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-disposition: inline; filename="1665577263SING_BINGO.webp"
content-type: image/webp
etag: "6e3f56ab9c1ad2f326f65b24c5741980"
last-modified: Wed, 12 Oct 2022 15:06:44 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=150;cpu=1;start=2023-01-20T19:15:44.307Z;desc=miss,rtt;dur=19,cloudinary;dur=56;start=2023-01-20T19:15:44.355Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 10720
X-Firefox-Spdy: h2
www.mrfreeslots.com/static/mfs_assets/img/Logo.svg
18.197.71.232 200 OK 2.4 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/img/Logo.svg
IP 18.197.71.232:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2427), with no line terminators
Hash f5737d1f1c7bdfa58856400df4c1df2d
adc94186482cb97a17918bebad0eb8042d515391
ef0bd6338222716b8f5cfb947f481e2d233b7edb01f2f7efb1ebacf3c37efd1e
Analyzer Verdict Alert fortinet Phishing
GET /static/mfs_assets/img/Logo.svg HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/svg+xml
Content-Length: 2427
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-97b"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.mrfreeslots.com/static/fonts/Roboto-Bold.ttf
18.197.71.232 200 OK 170 kB URL HTTP/1.1 www.mrfreeslots.com/static/fonts/Roboto-Bold.ttf
IP 18.197.71.232:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Roboto-Bold.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 170348
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-2996c"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.mrfreeslots.com/static/fonts/RobotoCondensed-Light.ttf
18.197.71.232 200 OK 168 kB URL HTTP/1.1 www.mrfreeslots.com/static/fonts/RobotoCondensed-Light.ttf
IP 18.197.71.232:0
File type TrueType Font data, 18 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto Condensed LightRegularVersion 2.137; 2017R\012- data
Size 168 kB (167568 bytes)
Hash 885e5558c90864ddb72ad486f36470cc
b65ec310689040b32a54e62269e8b83e3c40f89e
e4787def35e6d46bb0bef6f6086cceddfc357476858b0e77b3587f6faebe666d
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/RobotoCondensed-Light.ttf HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/static/mfs_assets/css/ticker-strip.css?v=24
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: application/octet-stream
Content-Length: 167568
Last-Modified: Mon, 21 Dec 2020 10:32:53 GMT
Connection: keep-alive
ETag: "5fe079d5-28e90"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png
151.101.193.137 200 OK 3.8 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 602638d9c42c780b37033b330f390fa5
e8fac790801f179ada7f60cac029c67943e808fb
7d80f01fa2c60e5c7c712ab49a1aeefb24831a96dc69513e4f8da000465bb0a9
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2021/03/29/1617025101POKERSTARS-CASINO.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1617025101POKERSTARS-CASINO.webp"
content-type: image/webp
etag: "602638d9c42c780b37033b330f390fa5"
last-modified: Tue, 10 May 2022 10:41:09 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=202;cpu=1;start=2023-01-20T19:15:44.323Z;desc=miss,rtt;dur=19,cloudinary;dur=109;start=2023-01-20T19:15:44.370Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 3750
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 18:49:34 GMT
content-type: application/json
age: 1570
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8c9984d5c620e41ba04fb1532f748fb9
e0023265f90e595dfcfc67504fc47501b3fc026a
ed120934226911bd964e091ccb429df35520b93af4c5639d34838fa2a4006b33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED120934226911BD964E091CCB429DF35520B93AF4C5639D34838FA2A4006B33"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 20 Jan 2023 20:26:34 GMT
Date: Fri, 20 Jan 2023 19:15:44 GMT
Connection: keep-alive
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
104.18.11.207 200 OK 194 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65324)
Size 194 kB (193775 bytes)
Hash 3aba9636589fe405ed993857f4913394
912cfb4f9e8962b19188d07f0be0a394e8c4a77a
3ea8a2a95bcc08cabd915c6b7de4c9390c55cdaf34a8775c49b72806683fd229
GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 01/04/2023 11:35:40
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: b9d09dc1f54a34472432b03e45b54619
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78ca23f8a962b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
34.111.73.144 200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP 34.111.73.144:0
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wjePtn4DAnNmuTkdcDkI94NmqTCeeBOL4sF+sgho/Ciznhx86pIPnXU6bfNiMkwTryCb+vofr2E=
x-amz-request-id: NKRGS5M85MVAFN2M
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Tue, 17 Jan 2023 12:42:00 GMT
age: 282824
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png
151.101.193.137 200 OK 4.3 kB URL HTTP/2 res.cloudinary.com/qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png
IP 151.101.193.137:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9422908728e9f9aa2f4713c9045ec687
84117a5dd1d33a06454c087ae1627339f75498f5
a7d122f591f6a55c449151a27df1651e8737a0cfaf1599cc9b941ce92ca4f28f
GET /qih/image/upload/f_auto/v1/multisite/media/Merchants/2022/03/02/1646257890BONUS-BOSS.png HTTP/1.1
Host: res.cloudinary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="1646257890BONUS-BOSS.webp"
content-type: image/webp
etag: "9422908728e9f9aa2f4713c9045ec687"
last-modified: Tue, 10 May 2022 13:05:28 GMT
date: Fri, 20 Jan 2023 19:15:44 GMT
vary: Accept,User-Agent
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=434;cpu=0;start=2023-01-20T19:15:44.319Z;desc=miss,rtt;dur=19,cloudinary;dur=63;start=2023-01-20T19:15:44.644Z
server: Cloudinary
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-content-type-options: nosniff
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
content-length: 4276
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22
35.241.9.150 200 OK 88 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22
IP 35.241.9.150:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e6c4fd25ad64e2f08f2b55fb84462da9
36047bc5b7c3a56b20424868bc7fb6e3b6833511
ebb8d34419fca6a8794b5133ed4c4f66910d54481025dc29c6d3daa32a334bf8
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674192522768&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 88028
via: 1.1 google
date: Fri, 20 Jan 2023 19:11:35 GMT
age: 249
last-modified: Fri, 20 Jan 2023 05:28:42 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5e07986e10c05c33f45491941cd3d4d7
387f33876d89468f9c62c5cb3e9daac321b1b705
237a9dcedc5d9ba8ae09283789124ff4d5e73c7dd51ef4b47a5a51afb565bb49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "237A9DCEDC5D9BA8AE09283789124FF4D5E73C7DD51EF4B47A5A51AFB565BB49"
Last-Modified: Fri, 20 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 21 Jan 2023 01:15:44 GMT
Date: Fri, 20 Jan 2023 19:15:44 GMT
Connection: keep-alive
www.mrfreeslots.com/static/mfs_assets/img/Favicon.png
18.197.71.232 200 OK 1.7 kB URL HTTP/1.1 www.mrfreeslots.com/static/mfs_assets/img/Favicon.png
IP 18.197.71.232:0
File type PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash c6a853f0f5efb340594524a32afe03e4
34729b43c4e7714122c9e9e8d7623449a89feeea
8aae7d3977e78a2681b6d0ac4bf33fa2ab14e97d4221957e25d1cbf7ad4175c6
GET /static/mfs_assets/img/Favicon.png HTTP/1.1
Host: www.mrfreeslots.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/lp265/?lavi=BSC17341583&conversion_method=sms&conversion_campaign=6901&send_id=6901
Cookie: session_key=bc5x3gnjfs8ro10gg6j3150ruqn7wz59; visitor_key=40b429ffe49c8959d5ea3a3b4b014a6eac645187; da_cookies="{'query_dict': {'value': \"{'lavi': 'BSC17341583'\054 'conversion_method': 'sms'\054 'conversion_campaign': '6901'\054 'send_id': '6901'}\"\054 'expiry': '2023-01-20 19:15:43'}\054 'network': {'value': 'nonetwork'\054 'expiry': '2023-01-20 19:15:43'}\054 'channel': {'value': 'direct'\054 'expiry': '2023-01-20 19:15:43'}}"; csrftoken=WZqUJkoR2AquQAbuAWb0oZxYKA3ofbUhANIgwJ9FQtvjaIhfIfIB4JFxOfLDDep7; sessionid=bc5x3gnjfs8ro10gg6j3150ruqn7wz59
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: image/png
Content-Length: 1727
Last-Modified: Fri, 15 Jan 2021 11:21:45 GMT
Connection: keep-alive
ETag: "60017ac9-6bf"
Expires: Sat, 20 Jan 2024 19:15:44 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
18.197.71.232 301 MOVED PERMANENTLY 0 B URL HTTP/1.1 www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
IP 18.197.71.232:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO HTTP/1.1
Host: www.slotswise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 MOVED PERMANENTLY
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN
Location: https://www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
Content-Language: en-gb
Access-Control-Allow-Origin: slotswise.com
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22
35.241.9.150 200 OK 17 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (17319), with no line terminators
Hash d98a8694f5319841aca0ce5665cb70bd
0343776c07afb11211f5e6b9f5f54156190d37e3
317c9f3e63a171b7fb793250a9720ef5150cb4f795c2f6aa7808a7e589e6318e
GET /v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17319
via: 1.1 google
date: Fri, 20 Jan 2023 19:08:13 GMT
age: 451
last-modified: Thu, 19 Jan 2023 17:02:14 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
18.197.71.232 200 OK 0 B URL HTTP/1.1 www.slotswise.com/api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO
IP 18.197.71.232:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/ga-hit/bc5x3gnjfs8ro10gg6j3150ruqn7wz59/?url=https%3A%2F%2Fwww.mrfreeslots.com%2Flp265%2F%3Flavi%3DBSC17341583%26conversion_method%3Dsms%26conversion_campaign%3D6901%26send_id%3D6901&user_agent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&referrer=&ip_addr=undefined&visitor_id=40b429ffe49c8959d5ea3a3b4b014a6eac645187&geo=NO HTTP/1.1
Host: www.slotswise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mrfreeslots.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jan 2023 19:15:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept, Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN
Content-Language: en-gb
Allow: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: slotswise.com
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
35.241.9.150 200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash d77c6f3eed3ee3299df7f69d5daa9a96
7089332f1140ccb768a7d778eca42b1f393d68cf
dd907320f63ca60a13d87eea545d3d918e002d23a042f2c31161c9fa5734c3fc
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Fri, 20 Jan 2023 19:10:33 GMT
age: 312
last-modified: Thu, 19 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
35.241.9.150 200 OK 2.1 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (2143), with no line terminators
Hash adc8f38454b04c324a51f1b3663f110a
12e1d854cc80650b9e00a27eb4ebdc93101e6a51
6bfe98ae6ffe807dc29b973716fdbf44b730fd23ff7941106e9da9d5a366b9f5
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2143
via: 1.1 google
date: Fri, 20 Jan 2023 19:14:11 GMT
age: 94
last-modified: Thu, 19 Jan 2023 12:49:37 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22
35.241.9.150 200 OK 54 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (53706), with no line terminators
Hash a81163f84d5323ac2c0f2e9186cb849d
123b9f65d4c66b2bf660d2b091abbcf719180538
cf7c529c0bfe41c88763a85c284bcee25ddc27f68858d1030b4b04434d1839fa
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674073315973&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 53706
via: 1.1 google
date: Fri, 20 Jan 2023 18:47:29 GMT
age: 1696
last-modified: Wed, 18 Jan 2023 20:21:56 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
35.241.9.150 200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1718), with no line terminators
Hash 3292ba62caa5fec67ea0d90d1e97e8da
b61394006887664253e50ea6f021c6254ae16b9b
a3dfe94751c3f663fd11c09cc52e9d61ee8713906a7d657305b40b33078fe30e
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1718
via: 1.1 google
date: Fri, 20 Jan 2023 18:27:12 GMT
age: 2913
last-modified: Mon, 16 Jan 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
35.241.9.150 200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1251), with no line terminators
Hash a15652d2ad5a61b333b603a147df4087
f737222311cbc30f90aeacadea9f48e460710e74
c49c6ab42f400eab679ca2a696f76e8083c9ac8fa81f45716ec027a12d29fab9
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1251
via: 1.1 google
date: Fri, 20 Jan 2023 18:25:11 GMT
age: 3034
last-modified: Mon, 16 Jan 2023 16:36:42 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
35.241.9.150 200 OK 682 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Hash 668f51f448163fe951f3449c028bfd40
8d624c9419b30c8be7f62724ccd6095f7c4794ef
f3feec2c60186018c18cfcd262d851e35223e8285139c96a89335bb473972395
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Fri, 20 Jan 2023 18:24:37 GMT
age: 3068
last-modified: Fri, 13 Jan 2023 16:36:53 GMT
etag: "1673627813356"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
35.241.9.150 200 OK 934 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (934), with no line terminators
Hash 20b9199d0871aa8d1f02e09fc0de6a48
874015ed48e4ccc4d1d3dc4a979d50eaeb059d8c
07214176412ea5e83b5be84ca1d401061fac8b20275e2ee7da3189de2fdba7ed
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 934
via: 1.1 google
date: Fri, 20 Jan 2023 18:32:29 GMT
age: 2596
last-modified: Fri, 13 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Fri, 20 Jan 2023 21:27:17 GMT
Date: Fri, 20 Jan 2023 19:15:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3638dc76d0638625ac9a31c038df3a44
deff1903d591273a96d538ae77988d8a080e228c
8382af3843ebeca8e5c13fdd60f7fb92b479915416f36686fce40566fd87ce68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10867
x-amzn-requestid: 8d882e21-d4c5-49ac-b76a-198cec065377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnVTEfpoAMFgJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8ee-6579537e6a82269f4bc99395;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:41:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 83ssVBkpe4gl1kI8bKYu90Vee3r32V_IiqQxtvt_TfAFk6DsDfyoTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:09:52 GMT
age: 75953
etag: "deff1903d591273a96d538ae77988d8a080e228c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3af2d51fb89ef0261ba025d76169261
9b3f4e3f63b64030624e02ad6ab8ef43a676dd66
c3d5a6f829dc59db8ed27a92fcfc6d387633bb43388e2c19d68b89356a13b1cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa19e2681-f167-4577-b7db-9afc7bd1ccf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13812
x-amzn-requestid: c80287a0-4ce9-47bf-9658-693431f30a49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFEvIAMF1lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-6d73a53e2ffc2ec505dff89b;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y8DaJvgqntmOKzXMdwFwsibvll4D9YUqDz0XsbbhcKKiYEazXiag7A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:36 GMT
age: 75789
etag: "9b3f4e3f63b64030624e02ad6ab8ef43a676dd66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XH59pHdrdzBmByq_DN9OlVh-Y3MGiR-V9KzWnaR9QR_7evQt--UOdA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:09:42 GMT
age: 43563
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:54 GMT
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
age: 75771
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5553b06c7dde4dc377f9f4e65bc8ace7
9dca5486485416d1aef199be08a50abd717addc7
33a5d1a21738218e0a6fe16d79045bd390af2e84073330a0a94c03812e1ba3ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 70710215-b8fd-44eb-8b50-f0948f98366c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFNvoAMF3ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-19e7e3865ce991cb5447f0f2;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Fc9dIiT5QQaTowAA6lp8ffJl4Niq3i_iVe54lYhAV52kJ8Q98EMJqQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:44 GMT
age: 76261
etag: "9dca5486485416d1aef199be08a50abd717addc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ruj2jeo2zhuDhIPufqckFmqP0Cx7ECNYRyxBYgQbHhkWH4o3m1L-OQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:29 GMT
age: 75796
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.6.3/css/all.css
172.64.133.15 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.6.3/css/all.css
IP 172.64.133.15:0
GET /releases/v5.6.3/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: text/css
x-amz-id-2: PFm9fUN0xas2W111Iiri/0dSDg95gX66LGBCZuSy+BB/89hYUurN0U6cPuND+nJjMfaoeC5iUOU=
x-amz-request-id: 1ZVBJN1S69T89QT1
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
etag: W/"dc93d584e41f8417f6b7163320d34329"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1012701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hcMR0WM92PGXOL7muyD5BWbvhEMz%2Bz7r%2FLTuqAFQLBl1utMHq7l9J5t7SeS01AugR%2FOvT7CgajGrZ4wNZUtwhkyQ0Sqj%2F0QXJa1F8cyWcBBhQ2EjedON2w0Ft%2FydcAVO4ZAvw2WU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ca23f92b2e06d9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mrfreeslots.com
Connection: keep-alive
Referer: https://www.mrfreeslots.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 19:15:44 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"e1d98d47689e00f8ecbc5d9f61bdb42e"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 01/05/2023 11:06:25
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1079
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0bca493cca1ea7ef24e203dced01216e
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78ca23f8d9c8b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2