Overview

URL www.onclickmax.com/script/preurl.php?stamat=m|,0o3dnNjMqB1dQO0dEdHP3xP.213,c_Z2XwXrRXmBvi60-ZWc62j1yJAIaP11SFend_3Sri2NBBnyVCSlb2kbF_8KysLpVAB51bIoTe_EiOHCgfwY8Q,,
IP173.255.119.88
ASNAS15169 Google Inc.
Location United States
Report completed2017-10-13 00:04:45 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-10-13 2 www.onclickmax.com/script/preurl.php?stamat=m|,0o3dnNjMqB1dQO0dEdHP3xP.213, (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.255.119.88

Date UQ / IDS / BL URL IP
2017-12-12 17:37:18 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php 173.255.119.88
2017-12-09 07:28:59 +0100
0 - 0 - 1 www.onclickmax.com/ 173.255.119.88
2017-12-04 20:18:33 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-12-04 19:25:04 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-11-27 21:52:28 +0100
0 - 1 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-11-24 09:11:28 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-11-21 23:47:42 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-11-19 03:28:12 +0100
0 - 1 - 0 www.onclickmax.com/a/display.php?r=1588287 173.255.119.88
2017-11-17 22:41:43 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88
2017-11-11 04:36:18 +0100
0 - 0 - 1 www.onclickmax.com/script/preurl.php?stamat=m (...) 173.255.119.88

Last 10 reports on ASN: AS15169 Google Inc.

Date UQ / IDS / BL URL IP
2017-12-13 02:28:01 +0100
0 - 0 - 1 b.codeonclick.com/script/wait.php?stamat=m%7C (...) 104.155.155.178
2017-12-13 02:26:26 +0100
0 - 0 - 0 https://172.217.27.3/ 172.217.27.3
2017-12-13 02:25:15 +0100
0 - 0 - 2 boy-creative.blogspot.com/p/drama.htm 216.58.211.129
2017-12-13 02:25:14 +0100
0 - 0 - 2 boy-creative.blogspot.com/p/drama.html 216.58.211.129
2017-12-13 02:18:08 +0100
0 - 0 - 0 https://krebsonsecurity.com/tag/phishtank-com/ 130.211.45.45
2017-12-13 01:04:04 +0100
0 - 0 - 0 https://drive.google.com/file/d/1cK0TwnoxEGS1 (...) 216.58.211.142
2017-12-13 01:01:54 +0100
0 - 0 - 0 nortopn.blogspot.in/2017/12/bitcoin-support-p (...) 216.58.211.129
2017-12-13 00:56:15 +0100
0 - 0 - 0 https://drive.google.com/file/d/1TBAE6w4tXSHw (...) 216.58.211.142
2017-12-13 00:52:39 +0100
0 - 0 - 0 alt1.gmr-smtp-in.l.google.com 64.233.187.14
2017-12-13 00:50:48 +0100
0 - 0 - 0 wis.pr 104.197.186.31

No other reports on domain: onclickmax.com



JavaScript

Executed Scripts (13)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (60)


Request Response
                                        
                                            GET /script/preurl.php?stamat=m|,0o3dnNjMqB1dQO0dEdHP3xP.213,c_Z2XwXrRXmBvi60-ZWc62j1yJAIaP11SFend_3Sri2NBBnyVCSlb2kbF_8KysLpVAB51bIoTe_EiOHCgfwY8Q,, HTTP/1.1 
Host: www.onclickmax.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         173.255.119.88
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Thu, 12 Oct 2017 22:04:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049
Referrer-Policy: no-referrer
Vary: Accept-Encoding


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:09 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 19:21:49 GMT
Expires: Wed, 18 Oct 2017 19:21:49 GMT
Etag: 35F922CF24045AD744D2EC6660073B514E2D1F8E
Cache-Control: max-age=508059,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    24845cdbba83af5dff4f5fd4e3d847a6
Sha1:   35f922cf24045ad744d2ec6660073b514e2d1f8e
Sha256: 31f5d140c25eb7700e295569dabbbb8a2092d46757b0a9a2caa1cdf029c22a14
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:09 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: CAE2D4E36B01556EB5A7DFCAC91643A06697B94B
Cache-Control: max-age=473319,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    b1e50e73281d4487d8b1cf3cdaf74bd5
Sha1:   cae2d4e36b01556eb5a7dfcac91643a06697b94b
Sha256: ba282a3cc79d8121086cb931af7199775bd48fef7699ba80e61d794c382b880c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:09 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: 8A7BC9885D9FFAFD7270D5324F22275F2B2C0D13
Cache-Control: max-age=473319,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp21
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d7daaf5088b1b8633e7e0d6600507656
Sha1:   8a7bc9885d9ffafd7270d5324f22275f2b2c0d13
Sha256: 9ea32e88334ce42853f79b00abaff0d4ee00214175cd3e1d189a0aa1b4a4ceba
                                        
                                            GET /ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049 HTTP/1.1 
Host: om.elvenar.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         212.48.98.29
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=q24vtjqom8m0p0i2a0e3me8e74; path=/ lps_exp_dc=am724; expires=Mon, 01-Apr-2115 10:11:11 GMT; Max-Age=3075710821; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache
Pragma: no-cache
Date: Thu, 12 Oct 2017 22:04:10 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6682
Md5:    4665ef858a2dae9d0cb39adbc343e500
Sha1:   f81604013e02e22de58c214aed401d7f42a43316
Sha256: 4991edd8ccdd1fa9ec5785b28953a8226fc287c4ea619c9ebef050a1a553d176
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Expires: Mon, 16 Oct 2017 22:04:10 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    f12013db3f9509bab1d7efae58cafeb4
Sha1:   895702c612db85c65e8b2163bbf2eb8e044e5afa
Sha256: 0d6b175b934d2ac0eb377d01580a88f75f8f8359b3e3dda7ac2a5248391d59ef
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=354798, public, no-transform, must-revalidate
Last-Modified: Tue, 10 Oct 2017 00:34:08 GMT
Expires: Tue, 17 Oct 2017 00:34:08 GMT
Date: Thu, 12 Oct 2017 22:04:10 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    fccd40351d25d6f5eecda73fdef9b3d8
Sha1:   0d2d2f37814bb53b7dca796acc9ee278ef6297ba
Sha256: 23e276d6aa20791de9110019cb7992bae490040d4cc3a06678449d1b3f2063e4
                                        
                                            POST /cloudsslsha2g3 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Content-Length: 1539
Connection: keep-alive
Set-Cookie: __cfduid=d3a7a7b27f9db2612e5b9b53aa614e6a11507845850; expires=Fri, 12-Oct-18 22:04:10 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Thu, 12 Oct 2017 19:01:57 GMT
Expires: Mon, 16 Oct 2017 19:01:57 GMT
Etag: "a5b47a80aea0020205fd82e11cdec9da2f9d878f"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3acd5a74f7ad42a3-OSL


--- Additional Info ---
Magic:  data
Size:   1539
Md5:    9f51678f141de65ec508f4b462425bd4
Sha1:   a5b47a80aea0020205fd82e11cdec9da2f9d878f
Sha256: 4d3ddcfa28a8595f4b8ff5e7ab07ef7636180bde6d64ab24035fe5f6d1c54426
                                        
                                            GET /media/css/templates/onyx/am730a.1507711386.css HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:45 GMT
Expires: Fri, 10 Nov 2017 08:53:30 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Length: 7941
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:10 GMT
Via: 1.1 varnish
Age: 133840
Connection: keep-alive
X-Served-By: cache-hhn1549-HHN
X-Cache: HIT
X-Cache-Hits: 12758
X-Timer: S1507845850.472073,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7941
Md5:    e2d993ecc5f54afbdd61b6c8d1276980
Sha1:   1deeeb46a05a3a223c25c2de28327ad8385a202f
Sha256: e88116af0ee13e5db49fca95ac6bc2c19b7645ed6ef893105ed183266d9d5278
                                        
                                            GET /css?family=Arimo:400,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 12 Oct 2017 22:04:10 GMT
Date: Thu, 12 Oct 2017 22:04:10 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   255
Md5:    19db88f3da4440c3bdaf1914d95e854f
Sha1:   61ec5fb7310250b9601917fb7ff5fed7a36592b7
Sha256: 4634c72f03b450753a4e290aedafc12fe614677868848023512bb02501a47dcd
                                        
                                            GET /media/images/favicon/favicon-onyx.1507711385.ico HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:05 GMT
Etag: "59ddd999-6f8"
Expires: Fri, 10 Nov 2017 08:53:15 GMT
Cache-Control: max-age=2592000
Content-Length: 1784
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:10 GMT
Via: 1.1 varnish
Age: 133855
Connection: keep-alive
X-Served-By: cache-hhn1528-HHN
X-Cache: HIT
X-Cache-Hits: 80
X-Timer: S1507845850.492417,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   1784
Md5:    32a4c63fdbf3da15a9d0ba18d2cff1b3
Sha1:   9cd19727c07443b6a0055325e298f38d923f01fd
Sha256: bf389a3a109b19d4204b58871fb6694d56a3ebb9decddcf1dd154acc05cc0c35
                                        
                                            GET /media/js/d0745e8.1507711386.js HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:06 GMT
Etag: "59ddd99a-d5"
Expires: Fri, 10 Nov 2017 14:48:06 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Length: 161
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:10 GMT
Via: 1.1 varnish
Age: 112564
Connection: keep-alive
X-Served-By: cache-hhn1522-HHN
X-Cache: HIT
X-Cache-Hits: 9742
X-Timer: S1507845851.526341,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   161
Md5:    886301b68dbc2aa6612bd419c19ce9c2
Sha1:   c41475e6ec00cc02037733178a1d94beb8f99a10
Sha256: d0b733ae6f88d9d096965e6c21693da394c5a2cf1ddb6be5cf197344bd2c72b5
                                        
                                            GET /media/js/fd47e6d.1507711386.js HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:46 GMT
Etag: "59dc8a5e-25389"
Expires: Fri, 10 Nov 2017 08:53:21 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Length: 46348
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:10 GMT
Via: 1.1 varnish
Age: 133849
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 494
X-Timer: S1507845850.494560,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   46348
Md5:    dec5884452646a9526afb7bc4f070dad
Sha1:   dfdccd7770dbef5ba3980bd71c1d76c2a6cf7920
Sha256: 59cf0e0588c811fadee14c1c60b6e19b48f788deb2d7a4a79d9f938c747be6f8
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Expires: Mon, 16 Oct 2017 22:04:10 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    cb681cfc87e917e6df52e164b3b232c4
Sha1:   5f203c2ad7466c54badf5eb2651b6c500bef3518
Sha256: 0b907f33f2a34c2a8a230ef62ab8622a8c2fe643360b56f16fddcde3440debb1
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Expires: Mon, 16 Oct 2017 22:04:10 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Server: Apache
Last-Modified: Mon, 09 Oct 2017 20:07:10 GMT
Expires: Mon, 16 Oct 2017 20:07:10 GMT
Etag: 486CDB6C20BEF899FBB14CC76E91EBE0AD95D4C1
Cache-Control: max-age=337979,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    c1149a8326064e28d05d4eb80c7246fd
Sha1:   486cdb6c20bef899fbb14cc76e91ebe0ad95d4c1
Sha256: 1ab5747c9a2d09ea682342b5ce3d057cd17d1874b3fd8ab016801b9d078239a2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:10 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: DAFC7DD2F6352EC94BB5989E99CEA8677972A3A7
Cache-Control: max-age=473318,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 727
Connection: close


--- Additional Info ---
Magic:  data
Size:   727
Md5:    ade30573345878d9bb3dfcd4edf4aba4
Sha1:   dafc7dd2f6352ec94bb5989e99cea8677972a3a7
Sha256: dd91527849b33b8dccdddc36c6ab8d0ab5fcf8f8245dc4030db56b3980bb8f54
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Server: Apache
Last-Modified: Wed, 11 Oct 2017 09:42:49 GMT
Expires: Wed, 18 Oct 2017 09:42:49 GMT
Etag: 15A0543E8DFFEC065DEDF96806DC6333FE585167
Cache-Control: max-age=473317,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp21
Content-Length: 471
Connection: close


--- Additional Info ---
Magic:  data
Size:   471
Md5:    eaa0000123eca749fb25dc53eed550f2
Sha1:   15a0543e8dffec065dedf96806dc6333fe585167
Sha256: b4140bc675adc78afc6b63198e6e2a95e49d38ab72461c63abb08ef045f7b105
                                        
                                            GET /pagead/viewthroughconversion/970075357/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.com/ads/user-lists/970075357/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=1566620926
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Oct-2017 22:19:11 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /media/js/2161cc7.1507711386.js HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:46 GMT
Etag: "59dc8a5e-6eb8"
Expires: Fri, 10 Nov 2017 08:53:15 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
Content-Length: 7977
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:10 GMT
Via: 1.1 varnish
Age: 133855
Connection: keep-alive
X-Served-By: cache-hhn1549-HHN
X-Cache: HIT
X-Cache-Hits: 20202
X-Timer: S1507845851.553168,VS0,VE0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7977
Md5:    b903674c2de7b8dd5e819534e2466c04
Sha1:   7ccb10d0b6d66fb30dc967ded7007585b1f36eb2
Sha256: 14b904ce901b89396f3e632ba2ff9ff24717b1110365d83c15b29cc994aca41c
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Mon, 16 Oct 2017 22:04:11 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    f364c4da60a9a4fd6757675eef0b401a
Sha1:   c5c573ac58509da8ed8aa37dacc86aefbe2ca10b
Sha256: dd2fd424aea9bb74029f974d90c351ba5a8b95a9bc42f8c25d71869b9793e4aa
                                        
                                            GET /c/hotjar-506259.js?sv=5 HTTP/1.1 
Host: static.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         108.161.188.192
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/12c74fcc74364e8c1c56226c8b96b852
X-Cache-Hit: 1
Cache-Control: max-age=60
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   858
Md5:    10374d805e03796b3948196992756ffc
Sha1:   88ebc0d23e31190231ab6a2b41550767ef4ed716
Sha256: 556b66f97d83f024cbf4291a78a9500b9b5141f7049745e1d5e5e68c618fdcbe
                                        
                                            GET /pagead/viewthroughconversion/963216494/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.com/ads/user-lists/963216494/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=2012399622
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Oct-2017 22:19:11 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Mon, 16 Oct 2017 22:04:11 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, Stereo
Size:   2704
Md5:    b0797cc70a36ab7f455f29fe51f7d99b
Sha1:   20e19d38907940e38bd89488a2d7edf019608025
Sha256: b167dc817d02e82e8a67177421b535441bc14619e7821f9489197d22e9ef9565
                                        
                                            GET /activityi;src=4830912;type=lpvissal;cat=elvgllps;qty=1;cost=[Revenue];ord=[OrderID]? HTTP/1.1 
Host: 4830912.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.166
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Location: https://adservice.google.com/ddm/fls/i/src=4830912;type=lpvissal;cat=elvgllps;qty=1;cost=[Revenue];ord=[OrderID];~oref=https://om.elvenar.com/ox/no/%3Fref%3Dcas_no_no%26pid%3D1590229-2366072709-0%26acsc%3D66163049
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Oct-2017 22:19:11 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
                                        
                                            GET /pagead/viewthroughconversion/1013420487/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: image/gif
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://www.google.com/ads/user-lists/1013420487/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=4212247192
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Oct-2017 22:19:11 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST / HTTP/1.1 
Host: gp.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1415
Content-Transfer-Encoding: binary
Cache-Control: max-age=591318, public, no-transform, must-revalidate
Last-Modified: Thu, 12 Oct 2017 18:19:29 GMT
Expires: Thu, 19 Oct 2017 18:19:29 GMT
Date: Thu, 12 Oct 2017 22:04:11 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1415
Md5:    4eb5cef261ea7c775d2df48031297d78
Sha1:   8d146a06517de6eb85b3eeb298b6bd6d338f6d75
Sha256: d86a4cdc635aeda6c686045a958ce027cfe40920a5a336325bc27feff0e202cb
                                        
                                            GET /ads/user-lists/970075357/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=1566620926 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.164
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.no/ads/user-lists/970075357/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=1566620926&ipr=y&ulfeg=n
Cache-Control: private, max-age=43200
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Thu, 12 Oct 2017 22:04:11 GMT
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 410
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   410
Md5:    4b455bf2ff42687424ad2de4c81b862c
Sha1:   c27082ec18bd92764dae13dccfc69c61b612c1dd
Sha256: ffffc9b0cbde63dd6b6f02b89cb5a2acb683a1c7c23b71ec6c1006751f675f7e
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-cursor-default.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:05 GMT
Etag: "59ddd999-4ac"
Expires: Sat, 11 Nov 2017 06:23:00 GMT
Cache-Control: max-age=2592000
Content-Length: 1196
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 56472
Connection: keep-alive
X-Served-By: cache-hhn1528-HHN
X-Cache: HIT
X-Cache-Hits: 12
X-Timer: S1507845851.258626,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 32 x 32, 8-bit colormap, non-interlaced
Size:   1196
Md5:    875088afd308ad6a6fe04edc42205589
Sha1:   1f2d8732637c394590ab3edb010d5160b22b6ff9
Sha256: e958b10232833f4e7fd7ff86bb5151fc8f21d519b77907401f8e4077c6c50cb7
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-topmenu-elves.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-bef"
Expires: Fri, 10 Nov 2017 06:40:39 GMT
Cache-Control: max-age=2592000
Content-Length: 3055
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 141812
Connection: keep-alive
X-Served-By: cache-hhn1522-HHN
X-Cache: HIT
X-Cache-Hits: 21
X-Timer: S1507845851.260698,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 420 x 40, 8-bit colormap, non-interlaced
Size:   3055
Md5:    77579620efb7347694314240054a0110
Sha1:   602df7cdb4c7440e646cd72254140544f36e6781
Sha256: d06733d3d75157ad6b47c052708e5362a71716f7684eec0d2f77a68d81fe39b1
                                        
                                            GET /media/images/ipp/ipp-buttons.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:05 GMT
Etag: "59ddd999-971"
Expires: Sat, 11 Nov 2017 06:22:10 GMT
Cache-Control: max-age=2592000
Content-Length: 2417
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 56521
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 458
X-Timer: S1507845851.260579,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 83 x 41, 8-bit colormap, non-interlaced
Size:   2417
Md5:    ef18acdd79d8132378bdb4f42e0904df
Sha1:   fe185f73020f2d314e3e0ce288327e8c7ccffc92
Sha256: 1b38a727b17fbf7e5409ed04c7be94bfd49addacfd081673dabb2f87d304cf53
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Mon, 16 Oct 2017 22:04:11 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    4b45a06f488bc36f590ba9b61921b7d7
Sha1:   7611da687b1cb01236a61dfc29e35b2fc0ced459
Sha256: ca121f756e9fe64bc134d1c894236af096bcc89bfa9e49ed9fa20858b09384eb
                                        
                                            GET /ads/user-lists/1013420487/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=4212247192 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.164
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.no/ads/user-lists/1013420487/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=4212247192&ipr=y&ulfeg=n
Cache-Control: private, max-age=43200
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Thu, 12 Oct 2017 22:04:11 GMT
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 411
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   411
Md5:    81e95261dbd43086934214d9e6cd7a1d
Sha1:   c6be3d4b11d78354886f8f91a2e8e9aa9e5515e7
Sha256: a38d174d05ef47e9da215197c61f17f8d752824f9a083228cbf248594490e2c9
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Expires: Mon, 16 Oct 2017 22:04:11 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    b633a6588f944f5de5481951619ca8fe
Sha1:   8e8bfc6bb86c14f5088cafff36a1f8ed5ecb652e
Sha256: b9195a3a372a0c8cd03d98a063a37a518069c15866a05282b8c7d0ccda96dff6
                                        
                                            GET /rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html HTTP/1.1 
Host: vars.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         94.31.29.64
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: Db0ty5SlQWV8QozlSs1H6VU+jU/8Rd4P5D3gGjmE6DGK7C9fgMcU3ilQ7/bAeZXaG2cUFKIl2s0=
x-amz-request-id: 9F5BF3C33E98F44D
Last-Modified: Tue, 07 Mar 2017 10:35:33 GMT
Etag: W/"99d43ead6bdf30da8ed5ffcb4f17100c"
Cache-Control: max-age=31536000
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   869
Md5:    39312037cb450ff8520c458463e5ce54
Sha1:   c82dc86bcbbd07d266fe8a562c81fc8385efdbf5
Sha256: a8c1861553e2da5f34307fa096c6e3d2d8cd0948112a39490041736b0e212331
                                        
                                            GET /modules-3474bcdf0768a446d3f92f4f03f2dd78.js HTTP/1.1 
Host: script.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         23.111.9.32
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: tuv7MU5SzO/pxCYHpnkK+nbQDlDm9xVPhG/I726j6ztexoK90NkwtuCSrXwFX6rZCgWauQB0ubI=
x-amz-request-id: 37072DA9933FF035
Last-Modified: Wed, 04 Oct 2017 16:10:51 GMT
Etag: W/"3474bcdf0768a446d3f92f4f03f2dd78"
Cache-Control: max-age=31536000
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   69365
Md5:    55da2d3f85e69893626cc8942bbf7069
Sha1:   2894ea88f7d08f786ba6d284c5f8d17c7394cacd
Sha256: 1ef6df9a81e006250567c0bef340a384c80cdfef71c161c8cad31083ab1425b8
                                        
                                            GET /ads/user-lists/970075357/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=1566620926&ipr=y&ulfeg=n HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 12 Oct 2017 22:04:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, Stereo
Size:   2801
Md5:    3505f7c535f07feb324e1d3caeb6b91e
Sha1:   223cf4691861ef18619e9abb74fe6a2b216f6549
Sha256: b94356afd6eecd6c2bdaa7656a0c97b506049288d8af5dbcebdd22426d94175f
                                        
                                            GET /media/images/background/onyx/background-onyx-real-ingame.1507625208.jpg HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Last-Modified: Tue, 19 Sep 2017 09:47:47 GMT
Etag: "59c0e7c3-8616c"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 549228
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 218696
Connection: keep-alive
X-Served-By: cache-hhn1543-HHN
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1507845852.525414,VS0,VE0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   549228
Md5:    9539410b96505ece5e4f731bf4c10769
Sha1:   472904665145a08f1c25e79c5797aa1b6fb931dc
Sha256: 307cdc0f258ebaed75939e53b42f6a1eb0ac08605fd910e875b9bbd81df294d5
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-character-elves-2017.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-c2f8"
Expires: Fri, 10 Nov 2017 03:22:25 GMT
Cache-Control: max-age=2592000
Content-Length: 49912
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 153706
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1507845852.524843,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 730 x 460, 8-bit colormap, non-interlaced
Size:   49912
Md5:    f3809cfe30a9123201f991beff804050
Sha1:   8c4956e18adf2ab1527e1a88bdc05087492b01cd
Sha256: 38cc757171c7cb7b9c8c21fb1f6a4061bf404d289ed71d3fb721797b9f36fbff
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-sprite-sfx.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-3f6"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 1014
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:12 GMT
Via: 1.1 varnish
Age: 218697
Connection: keep-alive
X-Served-By: cache-hhn1543-HHN
X-Cache: HIT
X-Cache-Hits: 12
X-Timer: S1507845853.608809,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 76 x 20, 8-bit colormap, non-interlaced
Size:   1014
Md5:    2222c6faba56beffe22b8990d16be0aa
Sha1:   a25f973fa4f8d67063d11aa52dce904078bf0023
Sha256: 64d8765129a797908be22d9c04836a7fd5efaa37b6d1fdd42bce2e615d19e3bc
                                        
                                            GET /api/tracker/9872ed9fc22fc182d371c3e9ed316094/landing.js HTTP/1.1 
Host: fstrk.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         54.192.129.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 31 Jul 2017 11:20:23 GMT
Last-Modified: Thu, 15 Dec 2016 09:53:08 GMT
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 38459
X-Cache: Hit from cloudfront
Via: 1.1 ccffff70b43b15585d7c2b7684176a5a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2ED5ZjpRI6pAZeJFsUcQgOETsm0laMnwuQ6hReVjniJ69jIKXXM2VA==


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11291
Md5:    61d85e8d0e720484dde8e7dd8f98441c
Sha1:   5d58990bfe29587ac8a7eaf291b3d827b9a4d489
Sha256: 4347fc6e0e918551897c196bd949f7af9961fbf2a0b4c5954ec663702b77623c
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-contentbox-decoration.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 19 Sep 2017 09:47:47 GMT
Etag: "59c0e7c3-4eaf"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 20143
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:12 GMT
Via: 1.1 varnish
Age: 218698
Connection: keep-alive
X-Served-By: cache-hhn1543-HHN
X-Cache: HIT
X-Cache-Hits: 12
X-Timer: S1507845853.681574,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 607 x 220, 8-bit colormap, non-interlaced
Size:   20143
Md5:    bfedab8c93e7be9bc0f5c5876535a01f
Sha1:   b85a7e00e159daa0f0ccf7ffe7f33ebc5c70a373
Sha256: b70c787016297c3403d8f6454e46ce67edf2a158bb82eabd11e9bbcfdde3a767
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-contentbox-middle-2.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-eb"
Expires: Thu, 09 Nov 2017 09:19:30 GMT
Cache-Control: max-age=2592000
Content-Length: 235
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:12 GMT
Via: 1.1 varnish
Age: 218682
Connection: keep-alive
X-Served-By: cache-hhn1543-HHN
X-Cache: HIT
X-Cache-Hits: 13
X-Timer: S1507845853.733523,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 520 x 2, 8-bit colormap, non-interlaced
Size:   235
Md5:    b3c10557edfd6e5ae73ca886dcbbc78c
Sha1:   3def49ef226996c92a8ea205f2429da7afc88fed
Sha256: 147dcd1b869e163fdf1fe2fb866594b26ac08c4e9b4eaef19a13bacdfb8247b2
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-contentbox-2.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-fec"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 4076
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:12 GMT
Via: 1.1 varnish
Age: 218697
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1507845853.682069,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 520 x 270, 8-bit colormap, non-interlaced
Size:   4076
Md5:    e8988eae68e497add70a2653953212f0
Sha1:   00bb2e738aeb550250d297c9ddf5dc57ca7d8592
Sha256: 1ef38ea22f914bea82eef7236126b7baa6edd332ca4a84c32d03a4bee8040dda
                                        
                                            GET /ads/user-lists/963216494/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=2012399622 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.164
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.google.no/ads/user-lists/963216494/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=2012399622&ipr=y&ulfeg=n
Cache-Control: private, max-age=43200
Date: Thu, 12 Oct 2017 22:04:12 GMT
Expires: Thu, 12 Oct 2017 22:04:12 GMT
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 410
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  HTML document text
Size:   410
Md5:    4df49e9845db9c667b8807c84d895262
Sha1:   c5f0b94f742736a9dd18db27ed0b8b6b8902d9fa
Sha256: 83348673c3ba7f0e3baec955516f8b151f1d5ad84b63a33572ae63145b8205ea
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-townhall-elves.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:43 GMT
Etag: "59dc8a5b-1216f"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 74095
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 218696
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 4
X-Timer: S1507845852.523391,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 575 x 388, 8-bit colormap, non-interlaced
Size:   74095
Md5:    fa35f1712604c111101ceb9a54f6bdc5
Sha1:   46ecafe7b26ab3f301c85d8f4f2471a3064083a2
Sha256: 62e0817f5fb69959b7e2caed9176d3a2c904694098084b3df6cd52d31d0619d4
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-footer-elves.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 19 Sep 2017 09:47:47 GMT
Etag: "59c0e7c3-c0c"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 3084
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:13 GMT
Via: 1.1 varnish
Age: 218699
Connection: keep-alive
X-Served-By: cache-hhn1543-HHN
X-Cache: HIT
X-Cache-Hits: 14
X-Timer: S1507845854.932355,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 260 x 60, 8-bit colormap, non-interlaced
Size:   3084
Md5:    81e34dcb340b178c1ef155f1b91160b4
Sha1:   1207266d13a2fe2048ec8b55efbaf07198b22aba
Sha256: 4ae16a450158681e6e5203d61a8cc4fb6b38d42bd62309a64dc99477c27b21a6
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-footer-middle-elves.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:05 GMT
Etag: "59ddd999-be"
Expires: Sat, 11 Nov 2017 06:22:22 GMT
Cache-Control: max-age=2592000
Content-Length: 190
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:13 GMT
Via: 1.1 varnish
Age: 56512
Connection: keep-alive
X-Served-By: cache-hhn1521-HHN
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1507845854.934055,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 2 x 60, 4-bit colormap, non-interlaced
Size:   190
Md5:    b9095a393d84b06dfee006afd02e1c1a
Sha1:   5ee55aa68f04055a3f8adbddb94728987eca0fa0
Sha256: be3465c36ea6ceab8df2b15c58fb4496654c68ac19e79564b62cca5d10c7c7e0
                                        
                                            GET /ads/user-lists/1013420487/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=4212247192&ipr=y&ulfeg=n HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 12 Oct 2017 22:04:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ddm/fls/i/src=4830912;type=lpvissal;cat=elvgllps;qty=1;cost=%5BRevenue%5D;ord=%5BOrderID%5D;~oref=https://om.elvenar.com/ox/no/%3Fref%3Dcas_no_no%26pid%3D1590229-2366072709-0%26acsc%3D66163049 HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         216.58.209.130
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: https://adservice.google.no/ddm/fls/i/src=4830912;type=lpvissal;cat=elvgllps;qty=1;cost=%5BRevenue%5D;ord=%5BOrderID%5D;~oref=https://om.elvenar.com/ox/no/%3Fref%3Dcas_no_no%26pid%3D1590229-2366072709-0%26acsc%3D66163049
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
                                        
                                            GET /ads/user-lists/963216494/?value=0&guid=ON&script=0&data=type%3Dlanding%3Bpartner%3Dretargeting%3Bgame%3Delvenar&cdct=2&is_vtc=1&random=2012399622&ipr=y&ulfeg=n HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 12 Oct 2017 22:04:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         178.255.83.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:14 GMT
Server: Apache
Last-Modified: Mon, 09 Oct 2017 13:56:20 GMT
Expires: Mon, 16 Oct 2017 13:56:20 GMT
Etag: 1FF564C84A0FF832AE21CB0C14A969EF780B9AD4
Cache-Control: max-age=315725,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp30
Content-Length: 472
Connection: close


--- Additional Info ---
Magic:  data
Size:   472
Md5:    66503949b3a5c5616cff53379b2e9902
Sha1:   1ff564c84a0ff832ae21cb0c14a969ef780b9ad4
Sha256: 701dfb15379f9f681efab09eb72ce9dca77d636fb4eef7f885a08b3ff918f601
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 12 Oct 2017 22:04:14 GMT
Expires: Mon, 16 Oct 2017 22:04:14 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    3c4b9304c332ffa4413cd9651ffd5c80
Sha1:   5622a6df7541031508417b4062b7ec7a3a9caa3a
Sha256: 76712f96edd8f4437cecea3b9cb8593300cfa2fb6e935e289b3f38047c5e1349
                                        
                                            GET /media/images/ingame/onyx/ingame-onyx-sprite-sfx-menu.1507625209.png HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/css/templates/onyx/am730a.1507711386.css

                                         
                                         151.101.114.109
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Last-Modified: Tue, 19 Sep 2017 09:47:47 GMT
Etag: "59c0e7c3-c4b"
Expires: Thu, 09 Nov 2017 09:19:15 GMT
Cache-Control: max-age=2592000
Content-Length: 3147
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:14 GMT
Via: 1.1 varnish
Age: 218698
Connection: keep-alive
X-Served-By: cache-hhn1529-HHN
X-Cache: HIT
X-Cache-Hits: 21
X-Timer: S1507845854.043307,VS0,VE0


--- Additional Info ---
Magic:  PNG image, 99 x 80, 8-bit colormap, non-interlaced
Size:   3147
Md5:    f1b170f5a54d382d856dc5f61102c78f
Sha1:   a22c44642f30a71bf26736eaeb0876217f6004cb
Sha256: 12f895bc0f187e0c02a65c6583dbccc0296c492cb39351b4fe88582a574e0193
                                        
                                            GET /e.gif?data=eyJldmVudF90eXBlIjoibWxwcyIsImV2ZW50X25hbWUiOiJwYWdlLXJlYWR5IiwiZXZlbnRfc2NvcGUiOiJzeXN0ZW0iLCJkYXRhIjp7InJlc29sdXRpb24iOnsid2lkdGgiOjExNzYsImhlaWdodCI6ODg1fSwiZmxhc2hfYXZhaWxhYmxlIjpudWxsfSwic2NoZW1hX3ZlcnNpb24iOiIyMDE3MDUwMzEwMTM0MCIsImV2ZW50X2lkIjoiIyMjVVVJRCMjIyIsInN5c3RlbV90eXBlIjoiY29udmVyc2lvbiIsInN5c3RlbV9uYW1lIjoibWV0cmljc2pzLWZyb250ZW5kIiwiZ2FtZSI6Im9ueXgiLCJtYXJrZXQiOiJubyIsInBsYXllcl9pZCI6bnVsbCwiY3JlYXRlZF9hdCI6IjIwMTctMTAtMTJUMjI6MDQ6MTMuODk5WiIsInJlY2VpdmVkX2F0IjpudWxsLCJob3N0bmFtZSI6Im9tLmVsdmVuYXIuY29tIiwiY29udGV4dCI6eyJjYXRlZ29yeSI6Im1scHMiLCJ2aXNpdG9yX2lkIjoiNmIxZmJkY2YtYzIzYy00MGYwLTlkN2EtNjRkYWYwYjNlOWYwIiwiZmluZ2VycHJpbnQiOjMwODU5NzkzMjgsInVzZXJfaXAiOiIjIyNVU0VSX0lQIyMjIiwib3NfdHlwZSI6ImJyb3dzZXIiLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNi4xOyBlbi1VUzsgcnY6MS45LjIuMTMpIEdlY2tvLzIwMTAxMjAzIEZpcmVmb3gvMy42LjEzIiwibGFuZGluZ19wYWdlX2lkIjoiYW03MjQiLCJwYXJ0bmVyX3ByZWZpeCI6ImNhcyIsImNhbXBhaWduX2lkIjoiY2FzX25vX25vIiwiYmFubmVyX2lkIjpudWxsLCJjcmVhdGl2ZV9pZCI6bnVsbCwicHVibGlzaGVyX2lkIjoiMTU5MDIyOS0yMzY2MDcyNzA5LTAiLCJ2aWV3cG9ydCI6eyJ3aWR0aCI6MTE3NiwiaGVpZ2h0Ijo3NTR9fX0= HTTP/1.1 
Host: cst.innogames.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         212.53.143.141
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 12 Oct 2017 22:04:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-JoinUs: We are always searching for skilled admins and passionate coders! Go to career.innogames.com and mention this header in your application!


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /ddm/fls/i/src=4830912;type=lpvissal;cat=elvgllps;qty=1;cost=%5BRevenue%5D;ord=%5BOrderID%5D;~oref=https://om.elvenar.com/ox/no/%3Fref%3Dcas_no_no%26pid%3D1590229-2366072709-0%26acsc%3D66163049 HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Date: Thu, 12 Oct 2017 22:04:14 GMT
Expires: Thu, 12 Oct 2017 22:04:14 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   177
Md5:    9393b28661a65a763699c108887882eb
Sha1:   c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
Sha256: 2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
                                        
                                            GET /e.gif?data=eyJldmVudF9uYW1lIjoicGFnZS1sb2FkZWQiLCJldmVudF9zY29wZSI6InN5c3RlbSIsImRhdGEiOnt9LCJzY2hlbWFfdmVyc2lvbiI6IjIwMTcwNTAzMTAxMzQwIiwiZXZlbnRfaWQiOiIjIyNVVUlEIyMjIiwic3lzdGVtX3R5cGUiOiJjb252ZXJzaW9uIiwic3lzdGVtX25hbWUiOiJtZXRyaWNzanMtZnJvbnRlbmQiLCJnYW1lIjoib255eCIsIm1hcmtldCI6Im5vIiwicGxheWVyX2lkIjpudWxsLCJldmVudF90eXBlIjoibWxwcyIsImNyZWF0ZWRfYXQiOiIyMDE3LTEwLTEyVDIyOjA0OjE0LjIwNVoiLCJyZWNlaXZlZF9hdCI6bnVsbCwiaG9zdG5hbWUiOiJvbS5lbHZlbmFyLmNvbSIsImNvbnRleHQiOnsiY2F0ZWdvcnkiOiJtbHBzIiwidmlzaXRvcl9pZCI6IjZiMWZiZGNmLWMyM2MtNDBmMC05ZDdhLTY0ZGFmMGIzZTlmMCIsImZpbmdlcnByaW50IjozMDg1OTc5MzI4LCJ1c2VyX2lwIjoiIyMjVVNFUl9JUCMjIyIsIm9zX3R5cGUiOiJicm93c2VyIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjEzKSBHZWNrby8yMDEwMTIwMyBGaXJlZm94LzMuNi4xMyIsImxhbmRpbmdfcGFnZV9pZCI6ImFtNzI0IiwicGFydG5lcl9wcmVmaXgiOiJjYXMiLCJjYW1wYWlnbl9pZCI6ImNhc19ub19ubyIsImJhbm5lcl9pZCI6bnVsbCwiY3JlYXRpdmVfaWQiOm51bGwsInB1Ymxpc2hlcl9pZCI6IjE1OTAyMjktMjM2NjA3MjcwOS0wIiwidmlld3BvcnQiOnsid2lkdGgiOjExNzYsImhlaWdodCI6NzU0fX19 HTTP/1.1 
Host: cst.innogames.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://om.elvenar.com/ox/no/?ref=cas_no_no&pid=1590229-2366072709-0&acsc=66163049

                                         
                                         212.53.143.141
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 12 Oct 2017 22:04:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-JoinUs: We are always searching for skilled admins and passionate coders! Go to career.innogames.com and mention this header in your application!


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /media/video/sounds/onyx/sounds-onyx-click.mp3 HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=0-

                                         
                                         151.101.114.109
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Last-Modified: Tue, 10 Oct 2017 08:52:44 GMT
Etag: "59dc8a5c-4e5d"
Expires: Fri, 10 Nov 2017 03:20:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 153804
Connection: keep-alive
X-Served-By: cache-hhn1549-HHN
X-Cache: HIT
X-Cache-Hits: 749
X-Timer: S1507845852.833310,VS0,VE0
Content-Range: bytes 0-20060/20061
Content-Length: 20061


--- Additional Info ---
                                        
                                            GET /media/video/sounds/onyx/sounds-onyx-build-finished.mp3 HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=0-

                                         
                                         151.101.114.109
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Last-Modified: Wed, 11 Oct 2017 08:43:05 GMT
Etag: "59ddd999-c3ea"
Expires: Sat, 11 Nov 2017 06:22:52 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 56479
Connection: keep-alive
X-Served-By: cache-hhn1522-HHN
X-Cache: HIT
X-Cache-Hits: 368
X-Timer: S1507845852.522425,VS0,VE0
Content-Range: bytes 0-50153/50154
Content-Length: 50154


--- Additional Info ---
                                        
                                            GET /media/video/sounds/onyx/sounds-onyx-build-elves.mp3 HTTP/1.1 
Host: lps.innogamescdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=0-

                                         
                                         151.101.114.109
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Last-Modified: Tue, 19 Sep 2017 09:47:47 GMT
Etag: "59c0e7c3-ab6c"
Expires: Thu, 09 Nov 2017 06:50:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Date: Thu, 12 Oct 2017 22:04:11 GMT
Via: 1.1 varnish
Age: 227623
Connection: keep-alive
X-Served-By: cache-hhn1528-HHN
X-Cache: HIT
X-Cache-Hits: 563
X-Timer: S1507845852.512414,VS0,VE0
Content-Range: bytes 0-43883/43884
Content-Length: 43884


--- Additional Info ---