r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7458
Expires: Wed, 01 Feb 2023 23:37:43 GMT
Date: Wed, 01 Feb 2023 21:33:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3061
Expires: Wed, 01 Feb 2023 22:24:26 GMT
Date: Wed, 01 Feb 2023 21:33:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5349
Expires: Wed, 01 Feb 2023 23:02:34 GMT
Date: Wed, 01 Feb 2023 21:33:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 20:36:02 GMT
content-type: application/json
age: 3443
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JZU+nEWlGA4hkYJwUC/WxgSyLURrbxGJXlKBASa7k42H3/JBq+HVV/eSRVMwTOVXBm1/Ogheprk1JLQb2yN4XA==
x-amz-request-id: 2FB0T278PJHT4ZJ2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 21:22:49 GMT
age: 636
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 21:33:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 20:41:42 GMT
age: 3103
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
luckyreelspins.com/casnzwof0115NW/assets/animate.min.css
104.21.36.253 200 OK 5.1 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/animate.min.css
IP 104.21.36.253:0
File type ASCII text, with very long lines (65338), with CRLF line terminators
Hash 80d8e4cdcab6549af071c43a532d15c7
2cbcd572480a25595bd5d98185e8ff935bf00f47
4927c4dda286db08df3ca6097ca4377355e5d03c952a45a322584db2febded6f
GET /casnzwof0115NW/assets/animate.min.css HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:30 GMT
ETag: W/"636b270a-11850"
Expires: Fri, 03 Mar 2023 11:09:14 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 37451
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qitFVaSLf6DwdglF8gF8PxqO84LZqzCtLQZNYrOy%2BRw9uiyfQNBZLpHxe1rBJ6KiUEYKMrMj%2Bx5WicHb4pXpOOCrCxIl%2FLaUkCNJyZishT4xnkWCrKKHCVTSgaOP1w4bYLs5cA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2b6904b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17908
Expires: Thu, 02 Feb 2023 02:31:53 GMT
Date: Wed, 01 Feb 2023 21:33:25 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 21:33:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 21:33:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.165.116.156 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.116.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jmF/R43n1VQmPmE+LvmVWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BC9h6WUAQZWgRVhQ93/cm22YB8U=
luckyreelspins.com/casnzwof0115NW/assets/smoke.png
104.21.36.253 200 OK 231 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/smoke.png
IP 104.21.36.253:0
File type PNG image data, 2560 x 577, 8-bit colormap, non-interlaced\012- data
Size 231 kB (230804 bytes)
Hash 1bc38021a1b1c6662149f911359a8d99
6c87b042d2af65ad236037c15fbbc08f33f66124
0138cde8a598f95b9ec30c47749ad68c93e61968faeb5ab0288f36e313f4762c
GET /casnzwof0115NW/assets/smoke.png HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/png
Content-Length: 230804
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-38594"
Expires: Fri, 03 Mar 2023 11:09:17 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 37449
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UL%2BtXqz8TLVxkrJcfnAbS2iDk05MNos8zINmiQzP4Z5K1APAvFRIhu%2Fxz0ZJfBYNhlsqF3IvKySFpWIoT9lh6Q5QftIc9%2BaUnE7LkaTxQakY65BEqUFsVMET1dxHbJw9WNPjM9M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2df9b60b61-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/index.html
104.21.36.253 200 OK 9.5 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/index.html
IP 104.21.36.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (566), with CRLF, LF line terminators
Hash 8a46d3d9741cf706aee3ba68c4e82d0e
311314797104b5eba183b14126ac47fc424ada73
acd985009bbf96cd872609d415ad449143be9601adc868ecfb46b306d4ad8bc0
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/index.html HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:30 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OUq5%2BptO2X8elyInJnZFJ20uN4LDdMWEOui7sHqHhJPgOdRZDncqBCWtvjQ2ZuzR3FojR3juFIMC7hSGqxl9R3D%2BckLlpwFyrVohjBm3leiAD5M6UvjWtufGurH%2FWQV7rDL4Wyc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792dce269a52b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 21:33:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://luckyreelspins.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 116660
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 21:33:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://luckyreelspins.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 257486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 21:33:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
luckyreelspins.com/casnzwof0115NW/assets/images/wof-LOGO-desktop.webp
104.21.36.253 200 OK 65 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/images/wof-LOGO-desktop.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 61b237245b425884d8b9d696e0e8cb88
7ecb5d3c635cdd2347258f9229994ffda933c0fe
f1e2f7dd06601c21012e5e578b4a8e6a595373092ee7cc11483541dca55ff1db
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/images/wof-LOGO-desktop.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 64970
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-fdca"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRWRKUyf2akvfTa1aHEQ4SMhohPbzfM1uPnDjXSDwJtHPMjBY0NgYpjzMPJciCe9fjOHcXZ0qBPJRiYwJ8IwiU1PAwvzA54emlpCzhpZ4K6YteJh9xnclpVx7plJL4C1Jk%2FfmzM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2ded1eb517-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.36.253 200 OK 3.9 kB URL HTTP/1.1 luckyreelspins.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.36.253:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 14:59:41 GMT
ETag: W/"63d7db5d-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYBD8Ctonu39WYyk3KOUwsCttiEoVNSFRtvjL%2Fz%2BqJpFQA5Z3W%2BitfwWtOo4%2F2uEJqKhLjG9edL5FzwBxEgMoWHP%2BywfHE7w7MLzdGpdjg%2F9Q5EofqwMiFIGX%2BUzSLg8eSfv9Xw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce319cc8b517-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Fri, 03 Feb 2023 21:33:26 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
luckyreelspins.com/casnzwof0115NW/assets/bg.webp
104.21.36.253 200 OK 118 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/bg.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 2560x1349, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 118 kB (118030 bytes)
Hash a56f11344e887e0139b8dd9ceea2f1bc
efbab494d709fd1794b11030c6500363283821e8
01b8c19924330be6424f6a9d8d042f57f24e0b4da1f07450e159a31c590be6e9
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/bg.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 118030
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:30 GMT
ETag: "636b270a-1cd0e"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0m%2FxiPdFNVduySHrYeqQK3K7OydKtF5NpdHMzACJohh2v5q%2BdpNh%2BgaUnyc3mzg1Vxv4pKw%2BOvaU1J6dP9S%2Bapbt%2FJMymKl6SFAjxkrcYncu3%2Brf%2FfoEa9xvJbDOdqXAxWcL5mA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2e1f4bb4ed-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/main.js
104.21.36.253 200 OK 1.3 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/main.js
IP 104.21.36.253:0
File type ASCII text, with very long lines (1607)
Hash e1a13ee22124f541e35747eb003ed0f0
9dbae16077ab87f0aeae9582bf2bf43fa783c041
2cadb3853db1ed6d4b2df58bae3f82961388a6ac125821844b0c9fa2276eaeb6
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/main.js HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=2592000
Cf-Bgj: minify
Cf-Polished: origSize=5048
ETag: W/"636b270c-13b8"
Expires: Fri, 03 Mar 2023 11:09:16 GMT
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
CF-Cache-Status: HIT
Age: 37450
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hOisCCPKqGnejMJQdJVaT5rFjjFeFSXBHonWLsqTuYMzYHAGgoeCUqVGexEhzR%2FmXx4ywCQeo5ayyT0Tr6y10ElBH3ZOt3jKXuKUlexOWxSSfG%2B2bv39%2FJDBTPk%2FdYNWj1uujE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce31bd5bb4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/jquery-3.js
104.21.36.253 200 OK 31 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/jquery-3.js
IP 104.21.36.253:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4e9262a2833c09bf24acb5b52883b156
abf5b9b66be5a7cb2d8f9661d33b99d35b97e353
134446b8e6e4cdd6d2cb9b803efe5776490397333b27fdf1f8d4dfba9fde820d
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/jquery-3.js HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=2592000
Cf-Bgj: minify
Cf-Polished: origSize=88147
ETag: W/"636b270b-15853"
Expires: Fri, 03 Mar 2023 11:09:16 GMT
Last-Modified: Wed, 09 Nov 2022 04:05:31 GMT
CF-Cache-Status: HIT
Age: 37450
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hv40zrDVxJxWijN5nz21vBT73oY7P872LZ%2Bt3j1QDPsvnEy0d1R9g7N%2BEduRp7OaNv%2FoTfExdOot78q2r5LsA9ZRQ7TJHWup%2FTYHR%2BDme%2FNRnqJ26L4nxza3P44X%2Bh1YJW3qfSU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce31cd99b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/shake.js
104.21.36.253 200 OK 766 B URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/shake.js
IP 104.21.36.253:0
File type ASCII text, with very long lines (587)
Hash 2edb42eaf30b633ac521023bb81fb4a2
4245ab454a8d407eb8fbacac2dabf9fe35417224
2c11e05805fb4b4a303b2e8055bcdabe3515a2c7ea0b2bcffc1f7e66f7eb8abb
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/shake.js HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=2592000
Cf-Bgj: minify
Cf-Polished: origSize=4077
ETag: W/"636b270d-fed"
Expires: Fri, 03 Mar 2023 11:09:16 GMT
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
CF-Cache-Status: HIT
Age: 37450
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tqyJEDLsMtKytUB1cED0ZqugU6XDLGBdI5G0HS0D53IVdPF0LvEw5%2F%2B2kredkQvalsQjCatE6jY1qUDVeczt1GpP0SkEH3%2F%2B7wv9Lfi2NEIaTQxfDErjQpfS0SXi3MgPPewddc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce31edccb4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/logo.webp
104.21.36.253 200 OK 13 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/logo.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d40545af5263f863edc9771468b000b4
030519dc0457c8bef84c8b721d1f5225ecc1ebad
87e0a2275889086e84b0a24266867c8e01147a25c76563273b4266a8f7bba20c
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/logo.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 13054
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-32fe"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7mNbjwkNsHm9txBWmGefqHgQZWh2fh7qQRyPrXRmcC1S6f7FhuuJNyB8hd7hi08bZ3v5fF%2BbDp422tia7MoxtiTjlBGpZlkA5IcnerdLY%2FtdoEoHtZ36ip6kN0uKuBX43%2Bj%2FhgA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2e8a6e0b61-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/case.webp
104.21.36.253 200 OK 15 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/case.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 73b9e6ad6bc7fc1a54cbd303cc5670f9
00d427c87b93a51493230171d8dc58841fa76b64
34e7e286de3e12a5c0bf7f5cf70eae78de7a60a47472f41509e558b1ae8c2b54
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/case.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 14692
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:31 GMT
ETag: "636b270b-3964"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enbBRiMGQCrpsRUIcLcWW0Mx4R0yxZXkY0RngdvJM6ArkBUNj6yuiW18E4IljL%2BXltn5bymQP31ZDpKSSvEOeMN4kBIsIYYk%2BQeXQk%2B5Aq7VsuVk3zXCecyPc9Hs6pOdBzO%2FXPQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2e9c52b52d-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/automaton.webp
104.21.36.253 200 OK 13 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/automaton.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b193217a02ee818c4eaeb532c01f5ad5
ad43d2af0b37ce5c2c644fd7f53077698fdb667d
dcd9fcb0684c02bfba647d9d1d0a2ff75ef61b219097bff14a92e026f2314532
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/automaton.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 13098
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:30 GMT
ETag: "636b270a-332a"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SpXLyaJQBTBNDcnBGdQzSDlBYIp6ygg%2ByU%2BbtT6oRK02SNQVyaSDaUGwnUviZ0LV8C%2FlQ9jo7NZOCP9p148La5i3dTiR9YAdHlDcTBWIM%2FR1i4JRs5O2WHTs1ZAZvY1koJsPRLI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2e9d79b512-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/money1.webp
104.21.36.253 200 OK 3.9 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/money1.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b9c2a0d724c0c0ab37b4309fbc1a2ac0
837653b4981c8494d869ca124a3e6778bbcdd57b
e00431354224fb3f51b937fe0a9792bb9acbb1989debf165461e85c85995935c
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/money1.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:26 GMT
Content-Type: image/webp
Content-Length: 3892
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-f34"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8Lo8duEAf6da%2F2mWnF7GnAAsxzJEQomFMvJGoVOyo1PFDzKDdrJef4h%2FPmQEkuzP4Mf7WnXwwjjtRDZ2d0W02UiRMN1TWW9AGieAkdg3pxw6vA1y6WDkeN3GhVLU6BAodpZA44%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce2e990db523-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/text_bg.webp
104.21.36.253 200 OK 35 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/text_bg.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 770x214, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fdf50da7f3f7d30eda72e0d5776748a8
880b16a633c300e2c1724ec4b41ea174e01f5ab3
e7d352130486166055919e5a46604b7bef40a5766414d625f41caea15d455945
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/text_bg.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 34590
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:34 GMT
ETag: "636b270e-871e"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tcxi6NofGGJ3jWC%2FIxNS7c5zDl1xtYFPOGwUz9ffOI3TQNt%2B%2FjW9wWvXlGdUZU7ZwRxTAhzNV06KI5gmm%2F8rZhqRH45wqekX%2Fb8%2BhFNoF%2FjTMtE0ZsSVt4uew5RVX2QMQki3UEg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce319cd8b517-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/bg_bottom.webp
104.21.36.253 200 OK 6.3 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/bg_bottom.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c110ddf0bc7f8fb81c3380125afb1551
0e19172e53aca1c79f4f430fb0fceecba679be0c
19a14f2b0e2aa4a524b45c814ead6b653d0d64f6d5d2fc8b231a6d3977168cce
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/bg_bottom.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 6284
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:31 GMT
ETag: "636b270b-188c"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ZzCiS2zXIuwxot%2BV5dYtgzLAc0EmjCtySNbFUk5gc0563hhiyLs5n5J8hXa9pexxTGCh%2F1B9OV27X5dmUSFbKmllXlBfNKVY484IkHH%2FxEeehqq5MKGbS0D2ePdcV3UCagyu4U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce31fddbb4ed-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/stvol.webp
104.21.36.253 200 OK 5.3 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/stvol.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a59541e1f9bce7fb706afd267fa7b7a7
fde1c5af20dd9e4896db5460c970191551d13200
87cfa6bd1a019b158335fbc111700e182f7e8617013f1bb76b47cd541dd16333
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/stvol.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 5308
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-14bc"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10EKlKbhJBuh39g5pL805tjKXW9BIuH0bqaPix5kCxZ3RS5CpHSvwoeXIxNnGv%2Fbvis3TNKG2Yp2RKhhSr3coOK5XkzOOttIYWDR%2B6AqiKw1doKmuexVzyU3Hk7k7So7FB77WVE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce321ee70b61-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/limonka.webp
104.21.36.253 200 OK 2.5 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/limonka.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7d2eab8271b02189d28bd926468bb5f4
ad43ec06b4c43b971a0cf6d3b87244722e6a9523
f3f638a5b090baa6adcddfcb52141db8e6a9ef705fd388e1b00835664e09e3dc
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/limonka.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 2454
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-996"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mucs8AW7mMpt%2BsSm8aO798D5jxYxf%2BP9ENd%2BwvzrKKa4V72w1UJ21aJeYCjhY0R9iTNf7vT%2FEMcxlf76%2BFwALexAOJvCTSXLLgHiOWvD4ZSzMxxIRKgQ98kDfEAgzoz83xMPSs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce32288eb52d-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/badge.webp
104.21.36.253 200 OK 6.5 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/badge.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bea03314199b26bc35f999adaf2fa3e1
a0aca04201639c966c69bf36ee45760e3051313f
2f3ae73c8a2e1579135ff1629e3497f8ceeb83cd7b8abf4f2b3fc0c7ec605cd3
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/badge.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 6486
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:30 GMT
ETag: "636b270a-1956"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T5WOlSgiW1DeuVuuitWH7mhiRo%2BtrInhUu2b%2FFSqMmqu1LJZ4eMnpJir3zFtlRmQvFRZ2oO2VECKoHR7qZp8fKyj61RHLXcmjHm8KOGf%2BdrvwczdXhYZP%2FIVoJmAriXkMW7JVwo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce323b86b512-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/money2.webp
104.21.36.253 200 OK 6.1 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/money2.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 33ea9f83c05b33b5dbf415999aea6d9c
3ebb91c1b1910e6da5ec0b13e1dbf1f8f990c54f
902801adc2ebcac9686de3642df63de85d712a3812e8e8642d0c0d5e0964552c
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/money2.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 6088
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-17c8"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PrPUxLLdynT%2BzBGbXTfCdZsTR6i8ep3aTgxcY%2BI0Mcg%2FV8MfI3SYGlV2%2Fb5RZjwBsbI%2BsmKKgbGp%2FQZbBRtDiQtnLhnVQhZHiJlEzaH8zzE72dn23JYI7jhbUne%2B9M%2BrP88c4g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce324e27b523-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7798
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 21:33:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7798
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 21:33:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7798
Expires: Wed, 01 Feb 2023 23:43:25 GMT
Date: Wed, 01 Feb 2023 21:33:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:57:00 GMT
age: 30987
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: daAf58GNG6Oy-ov_8TUeXnTcvZyW5eL_qwWz7dapr2Sy_5XSiS-3Mw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:56 GMT
age: 85831
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 50746
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2419bbbf287e620325438f5620183e32
257963245f14742bf9cd90e71ca748066d5495c3
47c7495be97a81189da17fc3abf430d1f4ecae95fdda30006cc462a4cea4c643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7628
x-amzn-requestid: 29c70d62-ed3a-4c90-8f32-2dc0c1caf5e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcDSnG4RIAMF5eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4b276-0267c928110be13d26906bed;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 05:28:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TYhxCYdYE1eycAY4NW0eFqmjssmfRFIuOXiFfxl0MEO337qQ1aZZ-A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 20:28:04 GMT
age: 3923
etag: "257963245f14742bf9cd90e71ca748066d5495c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4yxwz2MFTdpb8I56VVbFU2Zz0qG_uHcYc3aDtn6boQPjhw7UFLLnYw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 10:37:09 GMT
age: 39378
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 68609
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
luckyreelspins.com/casnzwof0115NW/assets/wheel.webp
104.21.36.253 200 OK 27 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/wheel.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 09013b14c3ef62b485eb6d02f39aac82
4055c92651318caa715b2678cde05abd043817b8
de24e6e6b24786a38e875480b2842ed82bfdfcb9a5db5929f97e8e5b6c3e08a4
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/wheel.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 27430
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:34 GMT
ETag: "636b270e-6b26"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjE2%2BHuckbzN5BchVIB19WDULnp0%2Bo6T2gmP5RHeFhE7DGAovIMJC7AzY4mXt1Y7XIbFllg8ZMQ3tN8DeRmziJb30b0Xg0T2i%2B%2FybuaZQ9xAQXkQUTOjJLfdKFBdCERvzExZNx8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce358adfb4ed-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/money3.webp
104.21.36.253 200 OK 4.2 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/money3.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f09db27c14fbd16ab6d4777c0b6ebe30
a0ebff24242798395743e683cf48ef60e5b0f22a
2e8107907409a83582ba4dc139ba81f6e42c0c446b0d3d83f1ce228136c071d3
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/money3.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 4210
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-1072"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipi%2BKo7QaHqlA%2F8igx%2BVv1XYAtTXPNZihpMM1dLkCQDL3vKYF6lLS9v%2BR1tseTj7c%2BQsq6jNGovuRrGQz%2F1qdzWmiDHf8J8aZnT13AWS4lWIU1%2FarBsS5ZFs4P3ct9jWd4cxOtQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce354ad2b517-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/wheel_inside.webp
104.21.36.253 200 OK 80 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/wheel_inside.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 71fcd332ae0d4ccd42cc4cbd8fb7a90c
SHA-1 ec5342b60212c99ad82d16e0185ffeb00a13a45b
SHA-256 590ff39a344c77be67747f7d0075cc39db5cd2062fa0ade09607f6888b153b22
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/wheel_inside.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 80366
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:34 GMT
ETag: "636b270e-139ee"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imLgefv120Q09BWN2HAaopg5yFdr68z%2BWpdsFT1wYPr4dqnYSdqxZagynx%2F5dGEridhZ8Re98W1q3cahPFhJkMXg%2Bmrf20cW%2FBYeiWVeu4jdp%2FiU2RLYJmsiaGzv2PgkyQtBqHg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce35ab4c0b61-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/winner_arrow.webp
104.21.36.253 200 OK 23 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/winner_arrow.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 b721f15106d770ad03323805a2102456
SHA-1 6d531bdd10027eeb72e7a998a5944db8ceb5d2d8
SHA-256 0f8b54e466becbb6a253806b7796d497e26b179f59fc90fae9dedefb5c0010eb
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/winner_arrow.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 22736
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:34 GMT
ETag: "636b270e-58d0"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wojjfMekw6RSkJUtj8d%2FBrAEfjx%2BNEeQNzT%2BJ0tKXFzysR%2Fel97lmtasEsoj7Byk01O2RiEmMVIDrm6SPRpIH0NvlhdteHmNKgGb5xB8vOAzz0k3cQPR8XPD2gl5EQyiCcYTWVI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce35c80db512-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/wheel_light.webp
104.21.36.253 200 OK 19 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/wheel_light.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 79b4939c3a8c318097dce58df83e1874
SHA-1 7fc2768a250c0316fb5634694677b90033811250
SHA-256 2b8159c224fcda0d0bc5825b04d5ab08620ea3b25b697a23b97f8e395bb4699a
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/wheel_light.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 18704
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:34 GMT
ETag: "636b270e-4910"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQY3spXTxbFaKWnkuUJBO0WjTAot4xtrRyIlOX3fk%2FPPae7lPXAjpxZblPtL5nJx2pS4r1ddk6USOJNxZM%2B9A7cV8g2Ea4FO1OVumDfd3nHHjjeg7jeL9Ajvobg%2FEt8W07Ha5VA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce35cc3ab52d-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/btn_wheel.webp
104.21.36.253 200 OK 8.4 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/btn_wheel.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 a44ac7f5dddffeab64fa8814ab0ede77
SHA-1 cf5476668d69494dd23ad4d5a1a99ddb056097f3
SHA-256 e78adbfc62c6bbfb0a9359f77ff7286e7491b1f5ad4900387f2567fd4328a732
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/btn_wheel.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/webp
Content-Length: 8430
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:31 GMT
ETag: "636b270b-20ee"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgWFwqaKa%2BAZiCZv%2ByDgWkRvNh24HjC8JcjouYluTvd7ZeBSnHzfnnOytnNGylnje3JB3V9dhXYwwY4WLz8V%2F6iU23mfSZJwdOLnXD7YnB072f2XHIBD7zKIO00MNIuvZeK2nSM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce35daf3b523-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/images/jackpot-sprite-ca.gif
104.21.36.253 200 OK 110 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/images/jackpot-sprite-ca.gif
IP 104.21.36.253:0
File type GIF image data, version 89a, 764 x 350\012- data
Size 110 kB (110227 bytes)
Hash MD5 fe364892ba2d24bd10079e7ca234c506
SHA-1 638388a79411957bbdaf18dd3f3797ceb4a5cf3b
SHA-256 f3030b1e0fc4828a8764efc02fcab06751a5b55112bc3137e119554dcbed19f5
GET /casnzwof0115NW/assets/images/jackpot-sprite-ca.gif HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/gif
Content-Length: 110227
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:31 GMT
ETag: "636b270b-1ae93"
Expires: Fri, 03 Mar 2023 11:09:15 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 37452
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53lr2DX9IWx8vz8wmrpbmozKflPbKo2dVO0XTkTcLXORADKtxN6YUARuigGnf4guLOEmwMb130jUPRsRFq%2FWbH4%2BnpR1wl9UCC6W6tA7dvCYp7s3G2uka0ws4wLCadP62VC%2B2eg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce396843b523-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/safe-secure-payments.png
104.21.36.253 200 OK 13 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/safe-secure-payments.png
IP 104.21.36.253:0
File type PNG image data, 628 x 111, 8-bit colormap, non-interlaced\012- data
Hash MD5 ea417e15c537af576f26755f19416820
SHA-1 5ccdc7fdd346d8b490455d777809acee9ea8941f
SHA-256 7257bbef98e4ee902681cbc2470e4160f9ed3812d3e069a52d37fe4de5ef467c
GET /casnzwof0115NW/assets/safe-secure-payments.png HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:27 GMT
Content-Type: image/png
Content-Length: 13054
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-32fe"
Expires: Fri, 03 Mar 2023 11:09:18 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 37449
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z9FFxrmPeBhnKTrv%2FUlm68poHVfsTqL01ko%2B%2BpY7ymzUMEJ04Y9XebQkBZz%2B8uV4pk6sbHSMoFULyvCGXG7Stu5Hzc9yAQdJqRGn5EDf4yYe1jjSNntUINGrFoo2mopwbjXH3mI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce397855b523-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/step_2.webp
104.21.36.253 200 OK 3.0 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/step_2.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 be11ce923d3bb8637cb397a00bf81810
SHA-1 b34fcdb69eb2315feeb23cccd132c854c2adca8d
SHA-256 b7172e50219d0e8f2b80c31f8462d9614e18343ce27c56ee9b5cf4a4e3564353
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/step_2.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: image/webp
Content-Length: 2966
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-b96"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeGzuIANVn202dICMyokB%2BFPzwgBVrMsPMy5PeqC1i9uK%2B4bUp8LdrzHfaJC6psJgFmsyLPcbu2h5%2ByyU6Hg0178faFYSx932mSNlItFN%2FQoc%2FOaqNqN2lX2K06JoaOkdZ2Q6Lw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce38d8ccb517-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/step_1.webp
104.21.36.253 200 OK 3.2 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/step_1.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 792d3d34eb3dd0dd0d819e252e2d42c3
SHA-1 15f2e709a7751cdcef521dfee243319776015c17
SHA-256 fda2fc83f73a50db9e6af999d0bb654f98ce15fbedad91e9fc56166f7f0c2574
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/step_1.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: image/webp
Content-Length: 3186
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-c72"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAyDKREEHbl%2FzQACsScukVcuxN5VxDmetnKHX%2BEGE5o2l0s5rIQZDlKZW%2FfBn9D3ygjQC%2BEeJ9gR%2BuQ%2B%2FDRuJvyS95pa%2BGqWDvPQMwXnIR1NByR4ofIxyhMbfqLGMBStiejz%2F6c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce375d29b4ed-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/safe-secure-logo.webp
104.21.36.253 200 OK 3.1 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/safe-secure-logo.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 9a696b75d097ad7347932036de8959f4
SHA-1 939eba18f9394ba99865bd74c6e9de923714686d
SHA-256 923766e02644a243b07f95eeb79fdfae2787b7278c71e640efab45a7b2cc0f32
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/safe-secure-logo.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: image/webp
Content-Length: 3084
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:32 GMT
ETag: "636b270c-c0c"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AR4bm3qxHkfza6dj4nmX0SlvXOfVVISs%2BP11nAsV9pzRMAFnsHjtN%2FtWBtl7zckN6%2Bwgn7CeClGkYXinb5pw0o34%2FnKZ9N2Oi3VnP7NedF%2BV2uo4FI3vv4jU92ePpB2%2BKpavSxc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce3968b1b52d-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/step_3.webp
104.21.36.253 200 OK 4.6 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/step_3.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 c75abd9f8368a5fd071c90ac466a22c8
SHA-1 af377db6876180308ffe77cb4ab0529b864e8377
SHA-256 c4fb46c3b523407d7ec39700f644fd57c2b6248da2157600cde376d48818401a
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/step_3.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: image/webp
Content-Length: 4582
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-11e6"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjVch2y73hLx73aPpNVn3BwtfjVaDMUjX2hi%2FNMYihdaammzz3lqXdHM%2FqXPn%2FUrWXKXCzX2JvquV9Z4uXctcFbmYG5vCNW626CLQYmQWnDnZRrqr%2FY24ziLBWqszMXh3PVQsic%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce394fda0b61-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/casnzwof0115NW/assets/step_4.webp
104.21.36.253 200 OK 3.6 kB URL HTTP/1.1 luckyreelspins.com/casnzwof0115NW/assets/step_4.webp
IP 104.21.36.253:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5 12cf3b32ee632c827e7236d9c04cef76
SHA-1 0c745c0f1d258817791a61759278d3ad95d9dde2
SHA-256 b2871dfa0cc4e06349e1342cecf572f29d2b7f6b4b9f0d56fad0ecdcddd9edf1
Analyzer Verdict Alert fortinet Phishing
GET /casnzwof0115NW/assets/step_4.webp HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: image/webp
Content-Length: 3602
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 04:05:33 GMT
ETag: "636b270d-e12"
Cache-Control: max-age=691200
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeGLuHP7YrG2qqFKz7mgYg2I6VT6JwFpNaFJ2InlUseuPieXY70u8C7BJ9FaLEl9QThwvWPOA%2Bg%2B6RldLUpLkEigH98sRvh%2BKASpLT9gsCTG%2BUDDM6wESsV49Ywsc4Ysf9YzRfE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce395dacb512-OSL
alt-svc: h2=":443"; ma=60
luckyreelspins.com/favicon.ico
104.21.36.253 404 Not Found 115 B URL HTTP/1.1 luckyreelspins.com/favicon.ico
IP 104.21.36.253:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash MD5 98058f0e2d9b8e1de680b04d5c5fe547
SHA-1 8f403216c88f17a89ca0da495f7af5684267ce07
SHA-256 987b4ac29b938af4660b3d54ae4aea6bb9d8dde1221ef9fade5f5f804243d359
GET /favicon.ico HTTP/1.1
Host: luckyreelspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyreelspins.com/casnzwof0115NW/index.html
HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 21:33:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=691200
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6SSCk3cPsyl0TOq7mrILE4%2FkZAyJa0OzC%2BnMfdfYV%2BwfxPta3qayrYlt%2B4Wc42SYmTmnlHG%2FzkOAljt8ztgX6KSghhMV1RcqUYYCh%2FgvomlT5XM%2BgSfWpG5MbqvUFPkE9Fdp0bc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792dce3c8c27b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
IP 142.250.74.74:0
GET /css2?family=Roboto:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://luckyreelspins.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 21:33:25 GMT
date: Wed, 01 Feb 2023 21:33:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2