click.megawin168.com/?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE=
170.187.185.18301 Moved Permanently 366 B URL HTTP/1.1 click.megawin168.com/?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE=
IP 170.187.185.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 86dd9bbafff006979af380c231f27e55
48f0d02b77ca646f2927be8fc9d913373b4c1d01
5a61e99561fc52b06c5846d5d4467e48b9fd93d4d969e554a023542005111d09
GET /?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE= HTTP/1.1
Host: click.megawin168.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 05 Feb 2023 22:44:53 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 366
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests
Location: https://click.megawin168.com/?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE=
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10938
Expires: Mon, 06 Feb 2023 01:47:11 GMT
Date: Sun, 05 Feb 2023 22:44:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2242
Expires: Sun, 05 Feb 2023 23:22:15 GMT
Date: Sun, 05 Feb 2023 22:44:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 22:33:59 GMT
content-type: application/json
age: 654
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17073
Expires: Mon, 06 Feb 2023 03:29:26 GMT
Date: Sun, 05 Feb 2023 22:44:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n27ls8orfvbNJBoXfeGfbe88siAf9rWVJ16ziWWeEcYwHAjuKrN+eozDGsTSplXvdkVmccuDhvg=
x-amz-request-id: KE21NVPW90QZ9CEE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 22:24:40 GMT
age: 1213
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 22:44:53 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0b5e8b63417c693da7d9f58fbe3f209
75748cd6191c2c9b20ce7785394ffd1280d1832e
f5b1ddb63f0f5bae98f319d3641bfff4d16716807e23a869ddfdbe08fa8c3b39
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5B1DDB63F0F5BAE98F319D3641BFFF4D16716807E23A869DDFDBE08FA8C3B39"
Last-Modified: Sun, 05 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Mon, 06 Feb 2023 04:43:44 GMT
Date: Sun, 05 Feb 2023 22:44:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 22:07:20 GMT
age: 2253
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2df1ab80c8f60c0c3a77d5177fabb2bb
52a37bf6149cf14b3ce5e8f27707eac2b2a5d0fa
51b461fb86cf4cbeda848b2942ba51745ea844febdb85fa236869dd4b8fabbc3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:53 GMT
Server: ECS (amb/6B99)
Content-Length: 279
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15739
Expires: Mon, 06 Feb 2023 03:07:13 GMT
Date: Sun, 05 Feb 2023 22:44:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2df1ab80c8f60c0c3a77d5177fabb2bb
52a37bf6149cf14b3ce5e8f27707eac2b2a5d0fa
51b461fb86cf4cbeda848b2942ba51745ea844febdb85fa236869dd4b8fabbc3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:54 GMT
Last-Modified: Sun, 05 Feb 2023 22:44:53 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
54.187.31.159101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.31.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cE7Hqeldzez8KwW41wdPjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2/zljpW8tKByedwFZzp/Dk8Tpn0=
rbn-bc-7s.lptrak.com/redirect.aspx?pid=2055624&lpid=14877&bid=8727
23.36.79.24307 Temporary Redirect 0 B URL HTTP/2 rbn-bc-7s.lptrak.com/redirect.aspx?pid=2055624&lpid=14877&bid=8727
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=2055624&lpid=14877&bid=8727 HTTP/1.1
Host: rbn-bc-7s.lptrak.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au-online-casinos.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://rabona100.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 05 Feb 2023 22:44:54 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 05 Feb 2023 22:44:54 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a2055624%2c%22BID%22%3a8727%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675637094460)%5c%2f%22%2c%22CookieTag%22%3a%2287272055624451240919C2023252244%22%7d%5d; SameSite=None;; domain=.lptrak.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22581295015%7c1%22%7d%5d; domain=.lptrak.com; expires=Tue, 05-Feb-3022 22:44:54 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=42
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b9ae0b18c052faa8636647b11d4fdcc9
6ebe5f43fc7b3be9634d1752054f74f77808cfd6
78f48fdfae397102d14855f161bc7204f6a60bfb14e65862183a322c56efc784
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=148214
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:54 GMT
Etag: "63dfd15c-117"
Expires: Tue, 07 Feb 2023 15:55:08 GMT
Last-Modified: Sun, 05 Feb 2023 15:55:08 GMT
Server: nginx
Content-Length: 279
rabona100.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
45.8.106.209301 Moved Permanently 0 B URL HTTP/2 rabona100.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
IP 45.8.106.209:0
ASN #209242 Cloudflare London, LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727 HTTP/1.1
Host: rabona100.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://au-online-casinos.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 05 Feb 2023 22:44:54 GMT
content-length: 0
location: https://rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
vary: Accept-Encoding
server: cloudflare
cf-ray: 794f2c622b480b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b9ae0b18c052faa8636647b11d4fdcc9
6ebe5f43fc7b3be9634d1752054f74f77808cfd6
78f48fdfae397102d14855f161bc7204f6a60bfb14e65862183a322c56efc784
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 403
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:54 GMT
Last-Modified: Sun, 05 Feb 2023 22:38:11 GMT
Server: ECS (amb/6BA1)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f85be4c5c11eed5427cfa54dfe537c7d
a114853743a25133629eaa0c378ca75c9cde3853
02b72c0ecc7e74f440424cc7c55487463b3b434745f02be0e95f3a77c8cb1b70
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 848
Cache-Control: max-age=169944
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:54 GMT
Etag: "63e022ee-117"
Expires: Tue, 07 Feb 2023 21:57:18 GMT
Last-Modified: Sun, 05 Feb 2023 21:43:10 GMT
Server: ECS (amb/6B87)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f85be4c5c11eed5427cfa54dfe537c7d
a114853743a25133629eaa0c378ca75c9cde3853
02b72c0ecc7e74f440424cc7c55487463b3b434745f02be0e95f3a77c8cb1b70
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 849
Cache-Control: max-age=169944
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Etag: "63e022ee-117"
Expires: Tue, 07 Feb 2023 21:57:19 GMT
Last-Modified: Sun, 05 Feb 2023 21:43:10 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
rabona.com/linda-test/linda-test.css?t=1674827460663
45.8.106.46404 Not Found 559 B URL HTTP/2 rabona.com/linda-test/linda-test.css?t=1674827460663
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3736f721b30611cc789014c46f5c3058
1926807b1a29877855fa5b6efe293cdc76eea436
5180dca51224e9dc708e147536fbdf8c220f3976b29c83faf660e3fec58dac19
GET /linda-test/linda-test.css?t=1674827460663 HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/html
cf-ray: 794f2c63eb03b4f4-OSL
age: 1
set-cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y
vary: null, Accept-Encoding
cf-cache-status: HIT
cf-revalidated: Sun Feb 05 2023 22:44:54 GMT+0000 (Coordinated Universal Time)
cf-ttl: 1675637104970
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleoptimize.com/optimize.js?id=OPT-5GMTG8G
142.250.74.78200 OK 45 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-5GMTG8G
IP 142.250.74.78:0
File type ASCII text, with very long lines (1812)
Hash 6b8771c5adb0454e79b8b0fd3fa60fe2
3d98cabbbd3bef579888f3ff828547584b82d436
2339095f9ad524513af48366bb423bcf1c16020a19877f4c6c8b61f6daae7496
GET /optimize.js?id=OPT-5GMTG8G HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 22:44:55 GMT
expires: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45082
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/libphonenumber-js@1.9.38/bundle/libphonenumber-min.js
151.101.129.229200 OK 38 kB URL HTTP/2 cdn.jsdelivr.net/npm/libphonenumber-js@1.9.38/bundle/libphonenumber-min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0880c171f6c1061e1a2de7c892645c86
39b9c3eedf84507430791a2f17e03a4bc4b891be
e02180112a0dee98478682fa68ebef088ef1ca2cd3052ca783212478833151a3
GET /npm/libphonenumber-js@1.9.38/bundle/libphonenumber-min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.9.38
x-jsd-version-type: version
etag: W/"23e2d-8Ljb58fTcif9uN6WX1ki2pXIRm0"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 Feb 2023 22:44:55 GMT
age: 5347401
x-served-by: cache-fra-eddf8230084-FRA, cache-bma1677-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 38325
X-Firefox-Spdy: h2
cdn.seondf.com/js/v4/agent.js
188.114.97.1200 OK 101 kB URL HTTP/2 cdn.seondf.com/js/v4/agent.js
IP 188.114.97.1:0
File type C source, ASCII text, with very long lines (65536), with no line terminators
Size 101 kB (101321 bytes)
Hash ea07f1f3ede99f7c43c6525e87aab486
c962208a38e686e0783069f291162564b425c198
9144691a65f68827db11d3d727e24eb6fb0dd50d543d403feacc3e06975847ac
GET /js/v4/agent.js HTTP/1.1
Host: cdn.seondf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
cache-control: max-age=14400
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r3vBq8zJ-CY-NYQu_l7H4C5pSplwPeCF8zFIyJyqVW6saqZZag2g2w==
cf-cache-status: HIT
age: 3249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azdmB4XqB%2B6Tv%2FQkzNxGoSecYXhM%2BVxmqXpTNvMV%2B9E44nT0Dd%2BCXwmOs35ztGdyAWRDCn2YgURj9roouPk9VWYS7mOL0C6XvX%2BVPCflABnRPEdNgzaNVWJTx68IJB5jWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f2c647fbe1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Montserrat:wght@500;600;800;900&display=swap
142.250.74.74200 OK 74 kB URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@500;600;800;900&display=swap
IP 142.250.74.74:0
Hash 9f4bb0300747d8f0d9058863e000884e
040be42357f83e783cc4fb6d93e8def24c6e25ea
cc28c358e429a245e67ec34d8dbf581e4438cc3991708f1e186107f9f95ebc77
GET /css2?family=Montserrat:wght@500;600;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 22:44:55 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 31 kB IP 142.250.74.163:0
Hash 18ed44e06bd715089c04c98aa33e4ba2
8dca1fd2621b83b4d9b7603fa8e61edee2b138bb
a5fef65fe067640282c2a7101fcef9a4d23bac60e73b12f048d76b2e5f4a7945
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,500;0,600;0,700;1,600;1,700&display=swap
142.250.74.74200 OK 28 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,500;0,600;0,700;1,600;1,700&display=swap
IP 142.250.74.74:0
Hash 110d1d04074bcedd81f374891eda142c
71f183789b481ec221ca330b25e8e586ec77dadf
12ed3baef8952fa0c08328767198e0d2b64748784adbacedc9d09d70d7e89793
GET /css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,500;0,600;0,700;1,600;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 22:44:55 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2301
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 22:44:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2301
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 22:44:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2301
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 22:44:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 3059
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cb0dab387816c4b691190ec83c2f0f06
9c56d516ae0178b5b0d8bbf2b16e2e7fbe25e358
6655307747227d7905f0eca1aaefda6147e4ae443fb9fb20cdb6a336aaab5b67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8528
x-amzn-requestid: b799da5b-d52a-4d83-bdd4-9582d39d6c5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwCmAFYgIAMFjvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb159-77235f642e8a0bdb07414dcb;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:01:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EN4Mi_2U_eISge5bd6JQgkg6rGJcB2cQAyhKHOZO-g_Arj6kofRo6g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:26:08 GMT
age: 55127
etag: "9c56d516ae0178b5b0d8bbf2b16e2e7fbe25e358"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a24cf7b2db6d65c3fe5daf78b3309ced
a3653a9a7baea412808dd91572ff21e1a505c26f
f55ee98bab5ce53d6acc1cac7f54f089b42d5f2ffbe750d869c4f4a7bc26f715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 3292
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d63833d-c4af-4746-a163-2d9da6b2bf67.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d63833d-c4af-4746-a163-2d9da6b2bf67.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27b516a4bb5fa5512a31aa8de5f9706e
03aeba4fafc64130967d3645081426f81b5f7dd1
7e5d809bf4e1b6f7f25bf604c1e5efcaf2a442ebfb53397d65820ebb1eaf754a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d63833d-c4af-4746-a163-2d9da6b2bf67.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: 4cae7b8e-f650-4d61-9f3d-8cce7410ba1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pOKFamIAMF4gQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0225a-51cd8f5b2d810ad94f52a5e3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:40:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WhhBAtYjlLj3PcIM5a-OwGIDFLeHYNF5Tg99rpTFMa326gTFJ56zBA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:51:21 GMT
age: 3214
etag: "03aeba4fafc64130967d3645081426f81b5f7dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d6107217bc206ebf204dfcf832cffc04
4f370e81106ef09ce9294eaa074ff6922197ded0
2cc25b8ddf56ceb274bd147d4e54f3fc386a97f984aa3a7bcc19f083fe68b94f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3943
x-amzn-requestid: 918fd8d6-0118-4548-9380-e3078577a876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzWBtEdKoAMFwnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de03a4-6d8ffde860d89fbc513a20f9;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:05:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZRVPNp0hKlSBXYjgbVfF8MGqNMHCKF2T4fAqflvZz8z-Uy9bKR9HhA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:17:18 GMT
age: 55657
etag: "4f370e81106ef09ce9294eaa074ff6922197ded0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cd17eb6d585aff9bcc88460e3e961e9c
3016d61019be89a3a55fea3924ca59bc5ae05a84
c93587e7d7245ebed588ad49cfcb11ba48728fedd4aa649dbb58b3a3d1a530d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Etag: "63dfdb44-117"
Last-Modified: Sun, 05 Feb 2023 22:44:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1d4/_ibhcSa3J8o
142.250.74.163200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_ibhcSa3J8o
IP 142.250.74.163:0
Hash aa513ef8655f1a4ddaaa225a313e91f1
ca18dd7df8ef7633d2197fdd5ad1e856fa1284ee
e8156d3562c454d5dd89c116facdcd327a0b3800b2a5e0a6e36bdd3a9368b8f6
POST /s/gts1d4/_ibhcSa3J8o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zz.connextra.com/dcs/tagController/tag/a63e00208e85/landingpage
104.110.28.81200 OK 17 kB URL HTTP/2 zz.connextra.com/dcs/tagController/tag/a63e00208e85/landingpage
IP 104.110.28.81:0
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (2769)
Hash 3427d22659808d56e41cf082dfe587b0
69945deb59e261d1b224561537d3de96aa0bdf66
e145931a8c8884c933c1143f63fa5b06bfa6603847e570a3b621a46a1f82fe22
GET /dcs/tagController/tag/a63e00208e85/landingpage HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=utf-8
content-length: 16603
server: istio-envoy
content-encoding: gzip
x-envoy-upstream-service-time: 2
cache-control: must-revalidate, max-age=125
expires: Sun, 05 Feb 2023 22:47:00 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f42c0d1cd34dd1d6e27d8d13e2034fa
aee1e48ed0450d58d165714bec4be7307eede096
8c057825608d7e340ab1b69839c5a73316162b0afbea1f759c2d6acb6e3f9035
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C057825608D7E340AB1B69839C5A73316162B0AFBEA1F759C2D6ACB6E3F9035"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10535
Expires: Mon, 06 Feb 2023 01:40:30 GMT
Date: Sun, 05 Feb 2023 22:44:55 GMT
Connection: keep-alive
au-online-casinos.com/wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.3.2
172.67.133.233200 OK 547 B URL HTTP/2 au-online-casinos.com/wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.3.2
IP 172.67.133.233:0
Hash 14f90246f69e3f61f6545c8b3e86d0cf
7bcbda51bb44365ed8665100ec445506f156818b
4eec07e7b5af6479751c024e1ed31e29c68affd4d389b5a02aa7d4c29950b586
GET /wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.3.2 HTTP/1.1
Host: au-online-casinos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://au-online-casinos.com/rabona
Cookie: prli_click_3=rabona; prli_visitor=63e03166108e5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:54 GMT
content-type: application/javascript
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 05 Feb 2023 09:24:16 GMT
expires: Tue, 07 Mar 2023 10:47:01 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 43073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkxhPSoyc7%2FPHcqBoZzGqbruknkFJwAKcMgWswAoHAq9QOmtamFEK9wlbvj5DmTKktbFwcs2UYXR7SjO5qW%2FOHQFcRph4hTLZyOwBY9Ufq%2BMBUkLn6lH2eIBzoFmMkenUEEND7aatek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794f2c5e7dc5b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sb2integration-altenar2.biahosted.com/api/Integration/rabona?build=1674827460663
172.67.28.232200 OK 4.9 kB URL HTTP/2 sb2integration-altenar2.biahosted.com/api/Integration/rabona?build=1674827460663
IP 172.67.28.232:0
Hash 176a44294c751ddf9e02724af21cc290
43300ebe5488c695e792bd0d5c768e7b49c1d809
e5c94b5095f74fd906228c7ccce22e591d3c32db567aa0008d5bfb27b780b2c6
GET /api/Integration/rabona?build=1674827460663 HTTP/1.1
Host: sb2integration-altenar2.biahosted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/plain; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 794f2c676c520b55-OSL
X-Firefox-Spdy: h2
au-online-casinos.com/rabona
172.67.133.233200 OK 807 B URL HTTP/2 au-online-casinos.com/rabona
IP 172.67.133.233:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f25337b970864702d81c8411c1eebe2d
d9c50d870e05f632b98b3434f0339efcfcd9eb9c
078e72f32c1a60f87c35971e663f90684b1542020f26251b298ad532e6170a3a
GET /rabona HTTP/1.1
Host: au-online-casinos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:54 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Executive 3.3.2 http://prettylink.com
set-cookie: prli_click_3=rabona; expires=Tue, 07-Mar-2023 22:44:54 GMT; Max-Age=2592000; path=/; secure
prli_visitor=63e03166108e5; expires=Mon, 05-Feb-2024 22:44:54 GMT; Max-Age=31536000; path=/; secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqv0rlVcQGl9CSg0v68sgyM5o8GyDWatS2vNdAwE8Dk36j%2B46Tz8Fo0afSl0m4E14EhtlItYb%2FUZ5PIK0EUYK79TdK%2FEA0dgxPiKMGMQDBwh6mZ%2Be4IKHaqhgUqtfXybdpNKnh3FMl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f2c5cfbbdb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6Ld5dhQgAAAAANIx3lMwVJgCICAiwHXHTdQR9gif
142.250.74.164200 OK 583 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Ld5dhQgAAAAANIx3lMwVJgCICAiwHXHTdQR9gif
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 7bdf2364de563ef50d91381e7a66b98c
0799d06f4657573e00d2045d14e8a8248f5a0402
04c767ca0b2e8000884aeb8a3abf3b13625617a10dfcdf111d8653212432742a
GET /recaptcha/api.js?render=6Ld5dhQgAAAAANIx3lMwVJgCICAiwHXHTdQR9gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 05 Feb 2023 22:44:55 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a4c9aec1fbb347e37394d01baf52fa49
2de722d77d4154504aa98e9ef46b8cb21a1be780
069169ac204505b2880ce68b15dd222b84f5923a8d6da6a1119e183f626c6700
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2894
Cache-Control: max-age=165112
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Etag: "63e00811-1d7"
Expires: Tue, 07 Feb 2023 20:36:47 GMT
Last-Modified: Sun, 05 Feb 2023 19:48:33 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a4c9aec1fbb347e37394d01baf52fa49
2de722d77d4154504aa98e9ef46b8cb21a1be780
069169ac204505b2880ce68b15dd222b84f5923a8d6da6a1119e183f626c6700
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5751
Cache-Control: max-age=167969
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:55 GMT
Etag: "63e00811-1d7"
Expires: Tue, 07 Feb 2023 21:24:24 GMT
Last-Modified: Sun, 05 Feb 2023 19:48:33 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
37.157.4.23200 OK 180 B URL HTTP/2 track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
IP 37.157.4.23:0
File type ASCII text, with no line terminators
Hash 2255005e68a8880fe8846b0ce53772ad
36ba75259314950e35818b9d871b02b09dab56ce
28df773657a07be0bbc8ab226c401438dacd6a9bc8662f38f0a69252c0089fc5
GET /Serving/Cookie/?adfaction=getjs;adfcookname=uid HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/javascript; charset=utf-8
content-length: 180
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
37.157.4.23200 OK 180 B URL HTTP/2 track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
IP 37.157.4.23:0
File type ASCII text, with no line terminators
Hash 2255005e68a8880fe8846b0ce53772ad
36ba75259314950e35818b9d871b02b09dab56ce
28df773657a07be0bbc8ab226c401438dacd6a9bc8662f38f0a69252c0089fc5
GET /Serving/Cookie/?adfaction=getjs;adfcookname=uid HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 22:44:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 180
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 05 Feb 2023 21:44:08 GMT
expires: Sun, 05 Feb 2023 23:44:08 GMT
cache-control: public, max-age=7200
age: 3648
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1&z=1764731915
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1&z=1764731915
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1&z=1764731915 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 22:44:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.hotjar.com/modules.bca0d1c28285412bb689.js
143.204.55.96200 OK 68 kB URL HTTP/2 script.hotjar.com/modules.bca0d1c28285412bb689.js
IP 143.204.55.96:0
File type Unicode text, UTF-8 text, with very long lines (49086)
Hash e923aa360dc485b9df86355bd040c998
03c46dbd41e9d4bdf8a9e4bfbaba3f7f2e9280ec
9c7575553c5b81f9b905dbb27c8116b175b69e7472aa6597f8cace1c6434d676
GET /modules.bca0d1c28285412bb689.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 67924
date: Fri, 03 Feb 2023 13:10:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "e923aa360dc485b9df86355bd040c998"
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: puX31qv9q4Sa8-AXjrldXNH1q8i0iHsfciNn26iE5SX0w9RITKjNdA==
age: 207290
X-Firefox-Spdy: h2
rec.smartlook.com/recorder.js
185.76.9.21200 OK 165 kB URL HTTP/2 rec.smartlook.com/recorder.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (3160)
Size 165 kB (165141 bytes)
Hash 1ba8d6f7917a6f37c35593f3c5864c07
c3337bd658f6494eb04e45a1364ebfb77507966e
f907de0e12ba1984ea123364f1f2cf2771d55c0401237b5a38f81d827429ff16
GET /recorder.js HTTP/1.1
Host: rec.smartlook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:56 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
cross-origin-resource-policy: cross-origin
etag: W/"63dbd25e-c4a"
last-modified: Thu, 02 Feb 2023 15:10:22 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-accel-expires: @1675637367
server: CDN77-Turbo
x-77-nzt: AblMCRQhxj7/SQEAAA
x-77-nzt-ray: af58563047b83f6a6831e0630d4c7803
x-cache: HIT
x-age: 329
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1919a9affd83f355e2d14f59bbab1abf
66f97af1501716e43bc40c80dd928ad9e642979a
91a4ff9f494ae9bf9ff41e80094a5bef06efa9b9bbe9e1017955d908219f10b5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3870
Cache-Control: max-age=98458
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Etag: "63deffe4-118"
Expires: Tue, 07 Feb 2023 02:05:54 GMT
Last-Modified: Sun, 05 Feb 2023 01:01:24 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 280
region1.analytics.google.com/g/collect?v=2&tid=G-XF54YG8FKL>m=45je3210&_p=338363578&_gaz=1&cid=1446999193.1675637138&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675637138&sct=1&seg=0&dl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727&dr=https%3A%2F%2Fau-online-casinos.com%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-XF54YG8FKL>m=45je3210&_p=338363578&_gaz=1&cid=1446999193.1675637138&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675637138&sct=1&seg=0&dl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727&dr=https%3A%2F%2Fau-online-casinos.com%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-XF54YG8FKL>m=45je3210&_p=338363578&_gaz=1&cid=1446999193.1675637138&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675637138&sct=1&seg=0&dl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727&dr=https%3A%2F%2Fau-online-casinos.com%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://rabona.com
date: Sun, 05 Feb 2023 22:44:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/g/collect?v=2&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1
64.233.161.157204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1
IP 64.233.161.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-XF54YG8FKL&cid=1446999193.1675637138>m=45je3210&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://rabona.com
date: Sun, 05 Feb 2023 22:44:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rec.smartlook.com/es6/init.b963113c8d830daa7515.js
185.76.9.21200 OK 17 kB URL HTTP/2 rec.smartlook.com/es6/init.b963113c8d830daa7515.js
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
Hash 6fea153810f8688dfff6f6d31d4233c1
910dc568c5769893463e6481b5537ac20d9f977e
a962f71664e0238ebde308c590bf0a0bf6692b797f67add8927f7fc566d0f719
GET /es6/init.b963113c8d830daa7515.js HTTP/1.1
Host: rec.smartlook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:56 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: cross-origin
etag: W/"63dbd25e-de84"
last-modified: Thu, 02 Feb 2023 15:10:22 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-accel-expires: @1706887680
server: CDN77-Turbo
x-77-nzt: AblMCRSEDlv/6FoEAA
x-77-nzt-ray: af58563072ae726b6831e063eca5d30e
x-cache: HIT
x-age: 285416
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15660, version 1.0\012- data
Hash d7b0b953a50fddaa88089b5b787cf719
2f85bc568b27659a3d6452f58f9fd7678450326d
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rabona.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 16:02:58 GMT
expires: Mon, 05 Feb 2024 16:02:58 GMT
cache-control: public, max-age=31536000
age: 24118
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17376, version 1.0\012- data
Hash 8e134f1169d65556e833a4f33fd78242
6f6a4355042cc46857a27f98426e5f5df3059697
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
GET /s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rabona.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 09:39:06 GMT
expires: Sat, 03 Feb 2024 09:39:06 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:55:05 GMT
content-type: font/woff2
age: 219950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 1.5 kB IP 93.184.220.29:0
Hash e44f61f1085094b9f2a28d4b2d727820
64486f7ea69e2f9f66fa6c63b36348462b0f8279
095f3b930757f4f10e8951780c610bffadfdc279676087e0f102a1a55a6c2b41
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3451
Cache-Control: max-age=144804
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:56 GMT
Etag: "63dfb691-116"
Expires: Tue, 07 Feb 2023 14:58:20 GMT
Last-Modified: Sun, 05 Feb 2023 14:00:49 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
joxi.imgsrcdata.com/crab/startscreen/cash-crab-logo.png
104.16.152.45200 OK 29 kB URL HTTP/2 joxi.imgsrcdata.com/crab/startscreen/cash-crab-logo.png
IP 104.16.152.45:0
Hash 00037629133fccf1239937bff21410a5
d7b0b25b24f8895c247890646100283eaf426db9
f9bc1e85d98d2450b0d04ebf496b3b58a01c11b0923123d55dc2e66f3d88dab2
GET /crab/startscreen/cash-crab-logo.png HTTP/1.1
Host: joxi.imgsrcdata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/webp
content-length: 28536
cache-control: max-age=1209600
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=29855
content-disposition: inline; filename="cash-crab-logo.webp"
etag: "630f1da0-749f"
expires: Thu, 09 Feb 2023 23:55:26 GMT
last-modified: Wed, 31 Aug 2022 08:36:48 GMT
vary: Accept
cf-cache-status: HIT
age: 289534
accept-ranges: bytes
server: cloudflare
cf-ray: 794f2c705918b511-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 60 kB IP 93.184.220.29:0
File type gzip compressed data, max compression\012- data
Hash 2e5299c267a5e06c970e2d87459ff677
94652abf9151d8f01d60d52e521268a5af005208
99e5e72c05c8c145380132ba0d3926f6c79cb1864571050d6b63c4086dd6efa8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:57 GMT
Etag: "63dfb691-116"
Server: ECS (amb/6BA2)
Content-Length: 278
static.zdassets.com/ekr/snippet.js?key=c54c017f-f217-47f5-a438-508cd2694b71
104.18.72.113200 OK 26 kB URL HTTP/2 static.zdassets.com/ekr/snippet.js?key=c54c017f-f217-47f5-a438-508cd2694b71
IP 104.18.72.113:0
File type ASCII text, with very long lines (23416), with no line terminators
Hash a570a3388ebdc2c16794bb1b1222fc54
2658c430eeb427f64fdce9fcec176f2f56084b32
6291800dc13079d73ef936b5c8b66c4ce6467c88cfc11ec80ceabab49f6e495d
GET /ekr/snippet.js?key=c54c017f-f217-47f5-a438-508cd2694b71 HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:56 GMT
content-type: application/javascript
x-amz-id-2: VYKORFZEK8ncQjbBiiAK6oiTYdRdkzwPfaxRM/jinB20cI8N0LqXAF6x6uRMZJVhRKA1YH5Ltb2qBhbqYLdq5g==
x-amz-request-id: EBZ4ZRD66V3TGNXR
x-amz-replication-status: COMPLETED
last-modified: Thu, 28 Jul 2022 23:44:02 GMT
etag: W/"5cae6ce528dce0c327b2bcbaad459fdb"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
cf-cache-status: HIT
age: 41
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytFiE%2BCeGFjwpfliL5Cna04VC8%2F99GYgulfM5%2FFKxLqyBwJc3%2B5ZviuiBdvFVvf9f4k9PMOZPBa3ZIZFLsQ8811UPfCLzdneD8ZIDVCKpVgV%2BWw%2FlCrfGC27tLmO%2BB3oPkDbl0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c6dab50b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__animals.jpg
104.16.152.45200 OK 125 kB URL HTTP/2 joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__animals.jpg
IP 104.16.152.45:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 125 kB (124920 bytes)
Hash 6d37ce026529f6dbc461f0a9e779ed52
ee72985a64bfbbe9259d251148d3b6636cf7c948
370323d75ec8339ce5c5e7bdc8dce370701bb98adc28c180b176fca76a40afd3
GET /crab/backgrounds/start-screen-desktop__animals.jpg HTTP/1.1
Host: joxi.imgsrcdata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/webp
content-length: 124920
cache-control: max-age=1209600
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=152171
content-disposition: inline; filename="start-screen-desktop__animals.webp"
etag: "623b0046-2526b"
expires: Thu, 26 Jan 2023 03:26:04 GMT
last-modified: Wed, 23 Mar 2022 11:11:02 GMT
vary: Accept
cf-cache-status: HIT
age: 1734668
accept-ranges: bytes
server: cloudflare
cf-ray: 794f2c706938b511-OSL
X-Firefox-Spdy: h2
joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__single_ball.jpg
104.16.152.45200 OK 156 kB URL HTTP/2 joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__single_ball.jpg
IP 104.16.152.45:0
Size 156 kB (156231 bytes)
Hash 173cbb1be8784a03d3f15f968aeb761f
60862b23883959a139511a1d71edc3125cf8fe1b
96a8987737768c5f99333a5234f50c04f305a28895653236d7b7b107c3868e96
GET /crab/backgrounds/start-screen-desktop__single_ball.jpg HTTP/1.1
Host: joxi.imgsrcdata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/jpeg
content-length: 151608
cache-control: max-age=1209600
cf-bgj: imgq:85,h2pri
cf-polished: origSize=154594, status=webp_bigger
etag: "623b0046-25be2"
expires: Thu, 26 Jan 2023 05:04:28 GMT
last-modified: Wed, 23 Mar 2022 11:11:02 GMT
cf-cache-status: HIT
age: 201441
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794f2c706941b511-OSL
X-Firefox-Spdy: h2
joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__balls.jpg
104.16.152.45200 OK 150 kB URL HTTP/2 joxi.imgsrcdata.com/crab/backgrounds/start-screen-desktop__balls.jpg
IP 104.16.152.45:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1920x1080, components 3\012- data
Size 150 kB (150149 bytes)
Hash 1292a0631ae7d8704f8ca13b149fb57c
c98f5a6566a16a6eac69cc24fa12dbe3eb6e9b8f
02c32655984641c0f36fde93be7d8bf9c83ab69211f8ebf5e0ae94c2c7ddca8a
GET /crab/backgrounds/start-screen-desktop__balls.jpg HTTP/1.1
Host: joxi.imgsrcdata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/jpeg
content-length: 150149
cache-control: max-age=1209600
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "623b0046-24a85"
expires: Sun, 05 Feb 2023 04:43:39 GMT
last-modified: Wed, 23 Mar 2022 11:11:02 GMT
cf-cache-status: HIT
age: 455489
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 794f2c70693eb511-OSL
X-Firefox-Spdy: h2
joxi.imgsrcdata.com/crab/startscreen/bonus-crab-logo.png
104.16.152.45200 OK 34 kB URL HTTP/2 joxi.imgsrcdata.com/crab/startscreen/bonus-crab-logo.png
IP 104.16.152.45:0
Hash 17bed12215eb1184807d510ebb7a0ee2
c0a16740be41f6fe9db22e1f4993c3735230bec5
34e7b33438072d09a7c8077934bceee3093add95ad24193cdb766dce52471ff1
GET /crab/startscreen/bonus-crab-logo.png HTTP/1.1
Host: joxi.imgsrcdata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/webp
content-length: 33602
cache-control: max-age=1209600
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=35463
content-disposition: inline; filename="bonus-crab-logo.webp"
etag: "630f1d9d-8a87"
expires: Fri, 10 Feb 2023 01:06:10 GMT
last-modified: Wed, 31 Aug 2022 08:36:45 GMT
vary: Accept
cf-cache-status: HIT
age: 289534
accept-ranges: bytes
server: cloudflare
cf-ray: 794f2c709985b511-OSL
X-Firefox-Spdy: h2
vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
143.204.55.105200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
IP 143.204.55.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash 112fdf47cdb80b9ce3d033ed09717460
3898efa86cbf1b64dc41a90a110ed5afd6f2ae13
3bfb2e882091d872eece2eee40084183a5fcb0a7ed98c1b004850751260a4cbb
GET /box-e031119f9e9e307a08fa610f85dbfb52.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1034
date: Fri, 03 Feb 2023 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "112fdf47cdb80b9ce3d033ed09717460"
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EpefE8Tp_bNF-2z3okZkQ90EH0mnp5YJSjc6J6IVJmEzqrMrteNbRw==
age: 207291
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=aeac8351d5c346986dd0a94ccd11ef15059dbfb8ffb50dcca583397eb60b91d1&ttl=&rurl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=aeac8351d5c346986dd0a94ccd11ef15059dbfb8ffb50dcca583397eb60b91d1&ttl=&rurl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=aeac8351d5c346986dd0a94ccd11ef15059dbfb8ffb50dcca583397eb60b91d1&ttl=&rurl=https%3A%2F%2Frabona.com%2Fau%2Fgames%3Fbtag%3D665691_956315E6AD30493BAD064A04C13DA909%26MSID%3D2055624%26BID%3D8727 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=352323fe6942454290b759845a8f7ec7; expires=Mon, 05 Feb 2024 22:44:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash ddc0ebe753b3fdfaa713da309209cc21
c172a544076afeebf9c418d41e7fbab5142fdf3a
7e993785c65ee71fd86e8ff1cc09a025793d5b6d81be70dfd7952376abc225cb
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 05 Feb 2023 22:44:57 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 04 Feb 2023 21:38:40 GMT
Expires: Sun, 05 Feb 2023 22:44:57 GMT
ETag: "c172a544076afeebf9c418d41e7fbab5142fdf3a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
bd873512-dd98-418c-b165-85d7f6f19487.seondnsresolve.com/
143.204.55.88200 OK 633 B URL HTTP/2 bd873512-dd98-418c-b165-85d7f6f19487.seondnsresolve.com/
IP 143.204.55.88:0
File type JSON data\012- , ASCII text, with very long lines (633), with no line terminators
Hash 193993d3271f42c9533176c0260eb011
f44554a4befa865ea3fe63623bb1d5f244b5533f
8260a357723f6555dbf1443814c5d2232f73b075c2c664308ffc03b5e1b45283
POST / HTTP/1.1
Host: bd873512-dd98-418c-b165-85d7f6f19487.seondnsresolve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 6181
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 633
date: Sun, 05 Feb 2023 22:44:57 GMT
x-amzn-requestid: 5dcad5d0-0a6c-4007-94d4-50ee72c1f10a
access-control-allow-origin: *
x-amz-apigw-id: f4yogFZJjoEF91Q=
x-amzn-trace-id: Root=1-63e03169-44af5020765561af1af93feb;Sampled=0
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uOqP-fypeUx8VV2r5QrjThw_snQmwpZtsgiWpn5VTkl00f8Vkade8g==
X-Firefox-Spdy: h2
logs-01.loggly.com/inputs/debbc84e-6972-4a5b-b44d-b1c38acfc61b/tag/crab-sdk-logger
52.10.127.183200 OK 19 B URL HTTP/1.1 logs-01.loggly.com/inputs/debbc84e-6972-4a5b-b44d-b1c38acfc61b/tag/crab-sdk-logger
IP 52.10.127.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b5efa112ce475f8bf73086a68521ea2e
4c4e7a9e8feb3e4595b4baf2db4466df001afa61
cdc7a3d8f9ce204e8853c2f7088b9c3fe488432314d1ea6c17cf8fd4ae179261
POST /inputs/debbc84e-6972-4a5b-b44d-b1c38acfc61b/tag/crab-sdk-logger HTTP/1.1
Host: logs-01.loggly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 358
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 22:44:57 GMT
Content-Type: text/html
Content-Length: 19
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization,Host,Content-Type,X-Forwarded-For,X-LOGGLY-TAG,X-Real-IP
zz.connextra.com/Rabona/dcs/tagController/tagData/a63e00208e85
104.110.28.81200 OK 20 B URL HTTP/2 zz.connextra.com/Rabona/dcs/tagController/tagData/a63e00208e85
IP 104.110.28.81:0
Hash 163be0a88c70ca629fd516dbaadad96a
c8830ccf3a863e489ca37f4da572bad0e05d077b
ac73670af3abed54ac6fb4695131f4099be9fbe39d6076c5d0264a6bbdae9d83
POST /Rabona/dcs/tagController/tagData/a63e00208e85 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 43
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
server: istio-envoy
access-control-allow-credentials: true
access-control-allow-origin: https://rabona.com
vary: origin,accept-encoding
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
content-encoding: gzip
x-envoy-upstream-service-time: 2
expires: Sun, 05 Feb 2023 22:44:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 05 Feb 2023 22:44:57 GMT
content-length: 20
set-cookie: CxtId=9865e278-be24-4bf5-b77a-7130c2f645ca; Domain=.connextra.com; Expires=Tue, 04-Feb-2025 22:44:57 GMT; Path=/; Secure
Rabona=P%7Clandingpage%7C1%7C202302052244; Domain=.connextra.com; Expires=Mon, 05-Feb-2024 22:44:57 GMT; Path=/; Secure; HttpOnly
X-Firefox-Spdy: h2
pixel.mathtag.com/event/js?mt_id=1608151&mt_adid=257132&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
2.18.172.207200 OK 1.4 kB URL HTTP/1.1 pixel.mathtag.com/event/js?mt_id=1608151&mt_adid=257132&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
IP 2.18.172.207:0
Hash 0e94a75191a8f535f00354867ee35559
ecc77301c65404b1e23c13c98a8697039228d8b5
3ccfae01d419acdbbcab705df6452620af4dd426999de20b174d04693184db86
GET /event/js?mt_id=1608151&mt_adid=257132&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1439
Access-Control-Allow-Origin: *
Server: MT3 441 9053ffc master cdg-pixel-x32 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sun, 05 Feb 2023 22:44:56 GMT
Date: Sun, 05 Feb 2023 22:44:57 GMT
Connection: keep-alive
Set-Cookie: uuid=982a63e0-3169-4a00-b2cc-3cf7339fde69; domain=.mathtag.com; path=/; expires=Mon, 04-Mar-2024 22:44:57 GMT; SameSite=None; Secure
ocsp.digicert.com/
93.184.220.29200 OK 1.3 kB IP 93.184.220.29:0
Hash 52852ca45681f46c175d94c262c3622f
b5aa5842a8c138f5063289d58ab341d00e6b9126
4d2628450c1c499b384962c388ca3f1bda681ca4be981f6aeeeb7db422d661fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6027
Cache-Control: max-age=89076
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:44:58 GMT
Etag: "63ded2d3-1d7"
Expires: Mon, 06 Feb 2023 23:29:34 GMT
Last-Modified: Sat, 04 Feb 2023 21:49:07 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
37.252.172.123200 OK 1.3 kB URL HTTP/1.1 secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
IP 37.252.172.123:0
Hash e9e169a398b828d0dd49bd95751d7b5e
9d689a83c9b19db374894c448889439e069192db
6d34f3f496b2b33348114d89f19d67b92ae34bcc947171c8f99c6b19b4c4e100
GET /getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 22:44:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 88318b6f-f8b1-436e-ad3c-13dd7fed7ae8
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/seg?add=31192071&t=2
37.252.172.123307 Redirection 1.2 kB URL HTTP/1.1 secure.adnxs.com/seg?add=31192071&t=2
IP 37.252.172.123:0
Hash 13201d8fa5f4efebff1a3d7424a18c06
7b80741a6c72fa170ad01b33c3411465b111fef2
657c6e95f7e027a9d628fcc65335062bda6cea4ace6b02e6f6fd43e161629f22
GET /seg?add=31192071&t=2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 22:44:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31192071%26t%3D2
AN-X-Request-Uuid: 65630b6a-918c-492e-93fe-9903c6af125e
Set-Cookie: uuid2=2463162843110711514; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2023 22:44:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
sync.mathtag.com/sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D
185.29.134.248302 Moved Temporarily 367 B URL HTTP/1.1 sync.mathtag.com/sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D
IP 185.29.134.248:0
Hash 571ffd1416ab329bfe71fe862b1051b2
280fe28330de0a1ac8a0deaf03d2962c01fe87ac
03c1e4a7386df02a44e56ba98ada83a064296906a0ec140dcd1b9cd6d69694bf
GET /sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Sun, 05 Feb 2023 22:44:58 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 441 9053ffc master cdg-pixel-x34 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=e49463e0-316a-4300-86b3-02dda3569b26; domain=.mathtag.com; path=/; expires=Mon, 04-Mar-2024 22:44:58 GMT; SameSite=None; Secure
location: https://zz.connextra.com/sync/data/uid/6c883bd680/e49463e0-316a-4300-86b3-02dda3569b26
Expires: Sun, 05 Feb 2023 22:44:57 GMT
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 2.9 kB URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 82eec9b364add8c8b7aa8718e3ed067e
d5672edf11322ae763c8a80ab1888aba7760d1ca
8ac6a315d077ee7d20040217828209ec70750fc73550132639dcd1a990cea015
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 22:44:58 GMT
Last-Modified: Sun, 05 Feb 2023 21:03:59 GMT
Server: ECS (dcb/7F17)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bEeOrm0leXsgqFa74NCBrdEycR7sDvqzAvGWQh3dsRTZ13QMBXV0lg==
Age: 6059
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 1.9 kB URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5d9d44ab62873cc5e6d3efa8eda6cec6
294f52def2f4ba82c1fa46204ff9d8f8e8d75c70
d25cc04e8c26a4bf28a567280c7cea20478ecfa54eb2338487b79d8e994d73d8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 22:44:58 GMT
Last-Modified: Sun, 05 Feb 2023 21:49:46 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: M712KrOZg7JLuEsLNW-RvTFrzfKLkIKKkKOJf5HKm5z1uB_WFdmU4g==
Age: 3312
match.prod.bidr.io/cookie-sync/geniussports
52.213.128.95303 See Other 5.1 kB URL HTTP/1.1 match.prod.bidr.io/cookie-sync/geniussports
IP 52.213.128.95:0
Hash 9aa51f4547867f06d8abc4cc49f3b0a9
e8cb880106c315ed11ca794d252fd6c61b37f3fc
b82d481df88a1ab9b1288825de41e87372a929d520cac4e3ae95d9e73f74521e
GET /cookie-sync/geniussports HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Sun, 05 Feb 2023 22:44:58 GMT
location: https://match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Sun, 05 Feb 2023 22:54:58 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=
52.31.5.110303 See Other 495 B URL HTTP/1.1 segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=
IP 52.31.5.110:0
Hash deb7345554efbbaef10921704175a82b
fb1cabaa5352accdab27536501a3b30a2f9437e6
c282f2ab49fed30fb6de50f2427e85bc12dbd27f3bdd75124825cc98e54d9617
GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value= HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Sun, 05 Feb 2023 22:44:58 GMT
location: https://segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=&_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Sun, 05 Feb 2023 22:54:58 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
pixel.mathtag.com/sync/iframe?mt_uuid=982a63e0-3169-4a00-b2cc-3cf7339fde69&no_iframe=1&mt_adid=257132&source=mathtag
2.18.172.207200 OK 1.4 kB URL HTTP/1.1 pixel.mathtag.com/sync/iframe?mt_uuid=982a63e0-3169-4a00-b2cc-3cf7339fde69&no_iframe=1&mt_adid=257132&source=mathtag
IP 2.18.172.207:0
Hash 04cae3d8de09ba51f2aba11f0a490bb3
b9d3d9397f4a0d7ee6640406c64919ba0b3d3a16
989d05eed29cd828a7dfb4cd3978b4ce4442366e48966ffba6551cf0eecbdfa8
GET /sync/iframe?mt_uuid=982a63e0-3169-4a00-b2cc-3cf7339fde69&no_iframe=1&mt_adid=257132&source=mathtag HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 677
Access-Control-Allow-Origin: *
Server: MT3 441 9053ffc master cdg-pixel-x32 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sun, 05 Feb 2023 22:44:58 GMT
Date: Sun, 05 Feb 2023 22:44:59 GMT
Connection: keep-alive
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31192071%26t%3D2
37.252.172.123200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31192071%26t%3D2
IP 37.252.172.123:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D31192071%26t%3D2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 22:44:59 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b579c798-eb30-42f4-a50b-7fb846a2eda7
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2E?jFbH<y!@wnf-Te9(>wL5L!!'JG$chYT; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2023 22:44:59 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
52.213.128.95303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
IP 52.213.128.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/geniussports?_bee_ppp=1 HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Sun, 05 Feb 2023 22:44:59 GMT
location: https://zz.connextra.com/sync/data/uid/508a5e2dd5/
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
zz.connextra.com/sync/data/uid/6c883bd680/e49463e0-316a-4300-86b3-02dda3569b26
104.110.28.81200 OK 64 B URL HTTP/2 zz.connextra.com/sync/data/uid/6c883bd680/e49463e0-316a-4300-86b3-02dda3569b26
IP 104.110.28.81:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02
GET /sync/data/uid/6c883bd680/e49463e0-316a-4300-86b3-02dda3569b26 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 1
server: istio-envoy
expires: Sun, 05 Feb 2023 22:44:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 05 Feb 2023 22:44:59 GMT
content-length: 64
set-cookie: CxtId=6a4f1893-36bb-4807-ac36-6d23cccf12c6; Domain=.connextra.com; Expires=Mon, 05-Feb-2024 22:44:59 GMT; Path=/; Secure
ex_uuid=6c883bd680%2Ce49463e0-316a-4300-86b3-02dda3569b26; Domain=.connextra.com; Expires=Mon, 05-Feb-2024 22:44:59 GMT; Path=/; Secure
X-Firefox-Spdy: h2
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=&_bee_ppp=1
52.31.5.110200 OK 43 B URL HTTP/1.1 segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=&_bee_ppp=1
IP 52.31.5.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1788&value=&_bee_ppp=1 HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
cache-control: no-cache, must-revalidate
content-type: image/gif
Date: Sun, 05 Feb 2023 22:44:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma: no-cache
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 43
Connection: keep-alive
pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
2.18.172.207200 OK 0 B URL HTTP/1.1 pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
IP 2.18.172.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comp/img?mt_id=99&ns=xx&bcdv=0 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=982a63e0-3169-4a00-b2cc-3cf7339fde69&no_iframe=1&mt_adid=257132&source=mathtag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 0
Access-Control-Allow-Origin: *
Server: MT3 441 9053ffc master cdg-pixel-x31 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sun, 05 Feb 2023 22:44:58 GMT
Date: Sun, 05 Feb 2023 22:44:59 GMT
Connection: keep-alive
Set-Cookie: uuid=bb2563e0-316b-4f00-ab96-4e3a377d8a29; domain=.mathtag.com; path=/; expires=Mon, 04-Mar-2024 22:44:59 GMT; SameSite=None; Secure
zz.connextra.com/sync/data/uid/508a5e2dd5/
104.110.28.81200 OK 64 B URL HTTP/2 zz.connextra.com/sync/data/uid/508a5e2dd5/
IP 104.110.28.81:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02
GET /sync/data/uid/508a5e2dd5/ HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 0
server: istio-envoy
expires: Sun, 05 Feb 2023 22:45:00 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 05 Feb 2023 22:45:00 GMT
content-length: 64
set-cookie: CxtId=444bf1cd-7651-47af-9465-755c3dcbf179; Domain=.connextra.com; Expires=Mon, 05-Feb-2024 22:44:59 GMT; Path=/; Secure
X-Firefox-Spdy: h2
pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
2.18.172.207200 OK 0 B URL HTTP/1.1 pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
IP 2.18.172.207:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comp/img?mt_id=99&ns=xx&bcdv=0 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 0
Access-Control-Allow-Origin: *
Server: MT3 441 9053ffc master cdg-pixel-x35 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sun, 05 Feb 2023 22:44:59 GMT
Date: Sun, 05 Feb 2023 22:45:00 GMT
Connection: keep-alive
Set-Cookie: uuid=d4d963e0-316c-4b00-a96f-b0199084cfe7; domain=.mathtag.com; path=/; expires=Mon, 04-Mar-2024 22:45:00 GMT; SameSite=None; Secure
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f14ea34033c1b9e4b12730de284dbbb8
dd5a183ca7880e12e50ce9a9ac1b17c7c4bc3ff5
e918caa1842e4a9c38ec1870f51b64e130be3a59a9e1c85263b81a1df513c7c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 22:45:00 GMT
Server: ECS (amb/6BA1)
Content-Length: 279
rabona.com/socket/?lang=au&EIO=3&transport=websocket
45.8.106.46101 Switching Protocols 0 B URL HTTP/1.1 rabona.com/socket/?lang=au&EIO=3&transport=websocket
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket/?lang=au&EIO=3&transport=websocket HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rabona.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bAtE4MTayGy84MGDsp2bdA==
Connection: keep-alive, Upgrade
Cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y; data=38d26bdc9d6c83107ce53750a45fff67; _ga_XF54YG8FKL=GS1.1.1675637138.1.0.1675637138.60.0.0; _ga=GA1.2.1446999193.1675637138; _gid=GA1.2.706427698.1675637138; _dc_gtm_UA-151907223-1=1; _hjSessionUser_2145302=eyJpZCI6ImNlYjQ3YzAzLWNhMTUtNTI5ZS04MjgxLWRlYzZhM2I5ODQzOSIsImNyZWF0ZWQiOjE2NzU2MzcxMzg3MjQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2145302=eyJpZCI6ImRjMDQxYjgxLWFlYjYtNGU3OS05Y2JhLThjMmEyNzdhYThmMyIsImNyZWF0ZWQiOjE2NzU2MzcxMzk0MjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 05 Feb 2023 22:45:00 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ldltrjXgRqmhJ8CaaXX+RBHnMFk=
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794f2c884be30b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
rabonasupport.zendesk.com/embeddable/config
104.16.51.111200 OK 4.4 kB URL HTTP/2 rabonasupport.zendesk.com/embeddable/config
IP 104.16.51.111:0
File type JSON data\012- , ASCII text, with very long lines (715), with no line terminators
Hash dc48af4458d60419b47a4322b84bfac2
de1d0d93cf20d7354e6f8f93278923d31f769784
28d43540092f41c5cc671ba6eefb4707be701285d39d55e5e049253433e69e6b
GET /embeddable/config HTTP/1.1
Host: rabonasupport.zendesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/
Origin: https://rabona.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:00 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers:
access-control-max-age: 7200
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
x-zendesk-origin-server: embeddable-app-server-56d68c947b-6hjst
x-request-id: 794f2c87fc38b52d-DUB
x-runtime: 0.001584
vary: Origin, Accept-Encoding
x-cached: MISS
last-modified: Sun, 05 Feb 2023 22:41:55 GMT
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSLQkemesNoM0eVvXBCz6ZVKS5VreqvbGfTYp0TXmCVdQGCrUZ4Yj9d0mfwI%2B3HD1DCqj3SE5xVj9m6pvVfoY7lNuEqvJgeXIRxyNAub9uj6PcEX1niwe8xCONl6kX0sqRHCBAuBA8Rr7bU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=6968c25b6dc198bf60fb0d76e12f5716f279bab0-1675637100; path=/; domain=.rabonasupport.zendesk.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794f2c87fc38b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com/sealassets/60981a86acdbd3eb7e26b2eb42a8b836-rabona.com-edea40ffba5cac603746bd0143c8e8411d0becc6db4fecc9bfc06c65429f150619be5882a108cd58b459e8371ef4743a-c2VhbC5wbmc%3D?status=valid
54.230.111.56200 OK 46 kB URL HTTP/2 1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com/sealassets/60981a86acdbd3eb7e26b2eb42a8b836-rabona.com-edea40ffba5cac603746bd0143c8e8411d0becc6db4fecc9bfc06c65429f150619be5882a108cd58b459e8371ef4743a-c2VhbC5wbmc%3D?status=valid
IP 54.230.111.56:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 375b5b5bcd1d5179f5b789e4c28ca6df
f52bfd097b13f83fa43714f59786efa4082f55a1
f7acaa7ace617964cd79de3287bfa740f1d3fbcbed82ea1d09cd94058d4b1281
GET /sealassets/60981a86acdbd3eb7e26b2eb42a8b836-rabona.com-edea40ffba5cac603746bd0143c8e8411d0becc6db4fecc9bfc06c65429f150619be5882a108cd58b459e8371ef4743a-c2VhbC5wbmc%3D?status=valid HTTP/1.1
Host: 1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 46382
date: Sun, 05 Feb 2023 22:45:00 GMT
x-powered-by: Express
cache-control: max-age=1200
etag: W/"b52e-9Sv9CXsT+D+kNxT1l4bvpAgvVaE"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 794f2c88f8202c3f-FRA
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MjHJ0taJgIiX6yJwm9ku0vbdCPvPGBQ_xRqjheIWCG6dAEzbeMO5sg==
X-Firefox-Spdy: h2
rabonasupport.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY2hhdCI6eyJkZXBhcnRtZW50cyI6eyJlbmFibGVkIjpbXSwic2VsZWN0IjoiY3VyYWNhbyArIEVOLUdCIn19LCJjb2xvciI6eyJ0aGVtZSI6IiMyQTM5NEUifX19LCJidWlkIjoiMzc0YmI4MGZhYzk4NGEwZGJkNjBlMzI3NDNjZDUzODYiLCJzdWlkIjoiYzQ2OGRmZGJjMzlhNDJlNjg0Mjk0NjRkYjMyZmZmNzIiLCJ2ZXJzaW9uIjoiMzRjOTFkMyIsInRpbWVzdGFtcCI6IjIwMjMtMDItMDVUMjI6NDU6NDMuNDQwWiIsInVybCI6Imh0dHBzOi8vcmFib25hLmNvbS9hdS9nYW1lcz9idGFnPTY2NTY5MV85NTYzMTVFNkFEMzA0OTNCQUQwNjRBMDRDMTNEQTkwOSZNU0lEPTIwNTU2MjQmQklEPTg3MjcifQ%3D%3D
104.16.51.111200 OK 0 B URL HTTP/2 rabonasupport.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY2hhdCI6eyJkZXBhcnRtZW50cyI6eyJlbmFibGVkIjpbXSwic2VsZWN0IjoiY3VyYWNhbyArIEVOLUdCIn19LCJjb2xvciI6eyJ0aGVtZSI6IiMyQTM5NEUifX19LCJidWlkIjoiMzc0YmI4MGZhYzk4NGEwZGJkNjBlMzI3NDNjZDUzODYiLCJzdWlkIjoiYzQ2OGRmZGJjMzlhNDJlNjg0Mjk0NjRkYjMyZmZmNzIiLCJ2ZXJzaW9uIjoiMzRjOTFkMyIsInRpbWVzdGFtcCI6IjIwMjMtMDItMDVUMjI6NDU6NDMuNDQwWiIsInVybCI6Imh0dHBzOi8vcmFib25hLmNvbS9hdS9nYW1lcz9idGFnPTY2NTY5MV85NTYzMTVFNkFEMzA0OTNCQUQwNjRBMDRDMTNEQTkwOSZNU0lEPTIwNTU2MjQmQklEPTg3MjcifQ%3D%3D
IP 104.16.51.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY2hhdCI6eyJkZXBhcnRtZW50cyI6eyJlbmFibGVkIjpbXSwic2VsZWN0IjoiY3VyYWNhbyArIEVOLUdCIn19LCJjb2xvciI6eyJ0aGVtZSI6IiMyQTM5NEUifX19LCJidWlkIjoiMzc0YmI4MGZhYzk4NGEwZGJkNjBlMzI3NDNjZDUzODYiLCJzdWlkIjoiYzQ2OGRmZGJjMzlhNDJlNjg0Mjk0NjRkYjMyZmZmNzIiLCJ2ZXJzaW9uIjoiMzRjOTFkMyIsInRpbWVzdGFtcCI6IjIwMjMtMDItMDVUMjI6NDU6NDMuNDQwWiIsInVybCI6Imh0dHBzOi8vcmFib25hLmNvbS9hdS9nYW1lcz9idGFnPTY2NTY5MV85NTYzMTVFNkFEMzA0OTNCQUQwNjRBMDRDMTNEQTkwOSZNU0lEPTIwNTU2MjQmQklEPTg3MjcifQ%3D%3D HTTP/1.1
Host: rabonasupport.zendesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:01 GMT
content-length: 0
access-control-allow-origin: *
vary: Origin, Accept-Encoding
x-zendesk-zorg: yes
x-request-id: 794f2c8a9ed0b52d-DUB
last-modified: Sun, 05 Feb 2023 22:45:01 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATxB5ck3UchoeuPKRNxM21y1Eo4M5IcqMP7gpAvsb8hYvSnipe66iyuf%2BtqW%2BJS4%2Fa0PW2tcnpty7gf0CEtGEE7sZtgeLeW7NFCR0kvnMqQqa9pB0PBmMiNVWAET6EiR%2FrATIbcb%2F8r13Lo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=13ec409cc630bcba165483b1857fbf844c93769a-1675637101; path=/; domain=.rabonasupport.zendesk.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 794f2c8a9ed0b52d-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 31da7016f50b1bc71bef982f5de8694f
4026d75dcc3bd82e97998f41101fcb7ee57216cd
6d459d23da845f231e07d14656eaa109cc2aae0b54064ae33b81faa3fb28f7c4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=102446
Date: Sun, 05 Feb 2023 22:45:01 GMT
Etag: "63df1209-1d7"
Expires: Tue, 07 Feb 2023 03:12:27 GMT
Last-Modified: Sun, 05 Feb 2023 02:18:49 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vNI_gUnM6Gt9ziymmkrMoHVFBuZVHSIMTjHr5QEfcLI9HMtq0Qni_Q==
Age: 3218
manager.eu.smartlook.cloud/rec/setup-recording/website
52.28.150.122200 OK 70 B URL HTTP/1.1 manager.eu.smartlook.cloud/rec/setup-recording/website
IP 52.28.150.122:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 536ea6acc350b7cd088bb192cc72b759
9c01c4c8d9ee1839d8a6f547219baee07a7de63e
ffda52cd15f4fdd13595223661990ed34c1949a66b38d7a2c8fa02a0712a03e9
POST /rec/setup-recording/website HTTP/1.1
Host: manager.eu.smartlook.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://rabona.com
Content-Length: 122
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Request, X-Requested-With, Content-Type, Cookie
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://rabona.com
Access-Control-Expose-Headers: Retry-After
Content-Encoding: br
Content-Type: application/json; charset=utf-8
Date: Sun, 05 Feb 2023 22:45:01 GMT
Retry-After: 3600
sl-trace-id: jjl8PH_TAJgIsYP1MDIY9
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 70
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 1b19754508d5e00ac7ccc5c05916cbf1
a75691a48f432e080594e96c24936a3c90a4752f
2faaff7ec288ffb382e263bc2eae632d1e033a359fe1fc412ddc7130cff5ca80
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159168
Date: Sun, 05 Feb 2023 22:45:01 GMT
Etag: "63dfe4e9-1d7"
Expires: Tue, 07 Feb 2023 18:57:49 GMT
Last-Modified: Sun, 05 Feb 2023 17:18:33 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: U_ClmOb0q72Q48fOUMScAmwkdEALu13rz95t-ZSi9tFjbkhST5TFzg==
Age: 5956
widget-mediator.zopim.com/s/W/ws/rr2nffllAbGo5rmX/c/1675637143627
3.75.8.181101 Switching Protocols 0 B URL HTTP/1.1 widget-mediator.zopim.com/s/W/ws/rr2nffllAbGo5rmX/c/1675637143627
IP 3.75.8.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/W/ws/rr2nffllAbGo5rmX/c/1675637143627 HTTP/1.1
Host: widget-mediator.zopim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rabona.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NvJ1twOXb4cB2//6qvmBxA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 05 Feb 2023 22:45:01 GMT
Connection: upgrade
Set-Cookie: AWSALB=Giz0msScy3bIEITA0LBWl1W5a+WhVqzb1pt+PeOKW2Eo7MEA/0vwjGYVXidpWd3y4ocLLNRLcJlAPx9qU7oHtC2kVVbwtwhexukiacBETYmPEmdYTiNHZqDUzG89; Expires=Sun, 12 Feb 2023 22:45:01 GMT; Path=/
AWSALBCORS=Giz0msScy3bIEITA0LBWl1W5a+WhVqzb1pt+PeOKW2Eo7MEA/0vwjGYVXidpWd3y4ocLLNRLcJlAPx9qU7oHtC2kVVbwtwhexukiacBETYmPEmdYTiNHZqDUzG89; Expires=Sun, 12 Feb 2023 22:45:01 GMT; Path=/; SameSite=None; Secure
Upgrade: websocket
Sec-WebSocket-Accept: iqC0eWmexuwwVVbG2hbdKfwGUpg=
Sec-WebSocket-Version: 13
WebSocket-Server: uWebSockets
1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com/apg-seal.js
54.230.111.56200 OK 112 kB URL HTTP/2 1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com/apg-seal.js
IP 54.230.111.56:0
Size 112 kB (112010 bytes)
Hash c2afe2c281c13fa7f9d302ae3c085d33
401c49b55b422a4b328b21e6e81abfd97c761df9
3f216e1435b177499404d87e783b8e499035dfec9f34912625cd88bb3e95ff26
GET /apg-seal.js HTTP/1.1
Host: 1112faac-822b-4135-a749-0cd834e376f7.snippet.antillephone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Sun, 05 Feb 2023 22:45:00 GMT
x-powered-by: Express
cache-control: max-age=300
etag: W/"bd3-rRcNKf6ULJFD3LzfIsz265KbSz8"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 794f2c885c352c32-FRA
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dQkkv6MC95NjHo0SnSgwLlGay9bK1BKrSOwJVgcdCeBJGu_9_ksPRg==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 3299
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rabona.com/funid-index.css?t=1674827460663
45.8.106.46200 OK 0 B URL HTTP/2 rabona.com/funid-index.css?t=1674827460663
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
GET /funid-index.css?t=1674827460663 HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/css
cf-ray: 794f2c63fb0ab4f4-OSL
access-control-allow-origin: *
age: 1
etag: W/"63d3ec1f-24dd"
last-modified: Fri, 27 Jan 2023 15:22:07 GMT
set-cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y
vary: null, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=9437
cf-revalidated: Sun Feb 05 2023 22:44:54 GMT+0000 (Coordinated Universal Time)
cf-ttl: 1675637154936
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Jost:wght@800&display=swap
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Jost:wght@800&display=swap
IP 142.250.74.74:0
GET /css2?family=Jost:wght@800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 22:44:55 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
IP 104.18.72.113:0
GET /web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:00 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: ndff87uIS/sesGzUKeSADcGds13tZiq25CUrjWZEdXa2jMUAkmL2pmb5JKzj+ohOz6faFpkS9ww=
x-amz-request-id: MJRJ9ZGS34G4N411
x-amz-replication-status: COMPLETED
last-modified: Mon, 30 Jan 2023 01:09:01 GMT
etag: W/"5c97db2a2d29c595e26430d1c8358d6a"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 30 Jan 2024 01:09:00 GMT
x-amz-version-id: 1cCOlxhNqu17ys_QySYbf1YbpGnPAUXV
cf-cache-status: HIT
age: 406928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E49XI2HnpG%2FqsXNUsOh%2Fidc2HM2rBGhw5WQiA9bo0065OqyHezRf9pwbd9Aa6ML093j70Zid82l8uTU0mh8WczvBPoCKg4W3EjSf1cE9OCm5sqvHPE5pX9ooAmNMG6zZ%2FJDRBtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c85f97fb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-34c91d3.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-34c91d3.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-chat-incoming-message-notification-34c91d3.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:03 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: cJPl58f1Z/0sqIdUecCLv4quM2PK+wq3pTKGh7joMMBk9lLWnDUnJx2V9E5xs0ZBmxG5+X67qmQiDkGQA6Ym8Q==
x-amz-request-id: 8SC6VZS6VZW7TZQH
x-amz-replication-status: COMPLETED
last-modified: Mon, 30 Jan 2023 01:11:44 GMT
etag: W/"659635f5ad1b6653645380f46aa42236"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 30 Jan 2024 01:11:43 GMT
x-amz-version-id: xcNPO7Jko.vSxuLt0DB2ypeRYH_2idj5
cf-cache-status: HIT
age: 406928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6VbBvuwFcp4xN7Mtt2xOJisaLpNbwpvD4rxMgyDNbkBo2UA8x9yjEoHn%2BGgqNZlHO3EOccptw4yzTGp3bt0lrSUbxV%2BgG0QB3dCWwuBKs2qmXgcUXyYN9msJ58zdFhqmjA60Ro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c961d07b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2145302.js?sv=6
143.204.55.37200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2145302.js?sv=6
IP 143.204.55.37:0
GET /c/hotjar-2145302.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Sun, 05 Feb 2023 22:43:59 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/b1dff30903cff052758b948ffdfac3f7
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 23cDaJGqkp9eB8ynj-mnAAcPA3boraYp6LT2hiSTERQJ2WpUGL-Dvw==
age: 57
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-chat-sdk-34c91d3.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-chat-sdk-34c91d3.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-chat-sdk-34c91d3.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:01 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 5Q2KsWrkmrWTiYVRLyXyCI/rMs3+B9hjg0s80kwkbyjooUCh5ERMvYHuuJOp3Lj7ZZLHDIYGSG0=
x-amz-request-id: 8SCA84J1BTNRMEF1
x-amz-replication-status: COMPLETED
last-modified: Mon, 30 Jan 2023 01:11:44 GMT
etag: W/"d366c0776c2bacba354d40e564c3d3e6"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 30 Jan 2024 01:11:43 GMT
x-amz-version-id: 7IG5ZMdUlemQ4ejtzcD59BhvR7ULO8qs
cf-cache-status: HIT
age: 406927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uERJvqpeua9tlFLk90obiGG0Bj1PskNxO%2Bi0CZtNhFSa11JLJxR49aD2mkhRFVUIzwl9qBqkgJhxJzbLMdb1oMNoNdfpMEZBITBcsH9UMVt90HVKs4KQALNfbIKdO1IjG6qCQeQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c8ada60b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
34.120.237.76200 OK 0 B URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
IP 34.120.237.76:0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11481
x-amzn-requestid: b50de2d1-c23b-4908-8fc3-e84eea0382a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRFL-oAMFnSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-0254cda141886e0f39e8f8b3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KIJ6iTpVC0gVV6Q0dd_-ZTWkwm3q0vP52N3088Rd7O9pb8D39XfnBg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 3292
etag: "9f7247a3bb9248cd281c568ebba6e52b38b00149"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rabona.com/splashscreen.css?t=1674827460663
45.8.106.46200 OK 0 B URL HTTP/2 rabona.com/splashscreen.css?t=1674827460663
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
GET /splashscreen.css?t=1674827460663 HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/css
cf-ray: 794f2c63eafeb4f4-OSL
access-control-allow-origin: *
age: 1
etag: W/"63d3ec1f-1194"
last-modified: Fri, 27 Jan 2023 15:22:07 GMT
set-cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y
vary: null, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-revalidated: Sun Feb 05 2023 22:44:54 GMT+0000 (Coordinated Universal Time)
cf-ttl: 1675637154936
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rabona.com/_sprite.css?t=1674827460663
45.8.106.46200 OK 0 B URL HTTP/2 rabona.com/_sprite.css?t=1674827460663
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
GET /_sprite.css?t=1674827460663 HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:55 GMT
content-type: text/css
cf-ray: 794f2c63eb08b4f4-OSL
access-control-allow-origin: *
age: 1
etag: W/"63d3ec1f-8b8d9"
last-modified: Fri, 27 Jan 2023 15:22:07 GMT
set-cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y
vary: null, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-revalidated: Sun Feb 05 2023 22:44:54 GMT+0000 (Coordinated Universal Time)
cf-ttl: 1675637154936
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-8165-34c91d3.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-8165-34c91d3.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-8165-34c91d3.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:45:00 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: fchTH8ZKP5XzJ9X5tMP8Gb0FrLmWduzX+toUb4CYjGPL2cSNUiJ5dwSXuHr879IrNtt8Or/pLvv3dgxnRitbqg==
x-amz-request-id: 8SCCQPT6TR1YFJ84
x-amz-replication-status: COMPLETED
last-modified: Mon, 30 Jan 2023 01:11:44 GMT
etag: W/"d519ea27f763cb6ec80aeec5b45213a7"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 30 Jan 2024 01:11:43 GMT
x-amz-version-id: tYOSfzpt5WjSOWaRj9efQMLiLa0r_8B0
cf-cache-status: HIT
age: 406927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMQH7q3K%2BGiFtziEoiHwoyVAUkCpYmYpVbRSGskNJFYwXBbk1rIROoRzY%2FB%2F0DsQWJ2uNT72V%2BKz7zpYQgoV%2FbSXf1OoZNTLMSt5K0J3mAQw7UtEkYPHKJcNicOs7kiwtTFYXc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c88dec2b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
click.megawin168.com/?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE=
170.187.185.18200 OK 0 B URL HTTP/2 click.megawin168.com/?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE=
IP 170.187.185.18:0
GET /?t=c&ids=NjM5MDMzMjA5__MTU0Nzg=__MjE5NzM4NTM=__NzE3__401&url=aHR0cHMlM0ElMkYlMkZhdS1vbmxpbmUtY2FzaW5vcy5jb20lMkZyYWJvbmE= HTTP/1.1
Host: click.megawin168.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 22:44:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
ekr.zdassets.com/compose/c54c017f-f217-47f5-a438-508cd2694b71
104.18.70.113200 OK 0 B URL HTTP/2 ekr.zdassets.com/compose/c54c017f-f217-47f5-a438-508cd2694b71
IP 104.18.70.113:0
GET /compose/c54c017f-f217-47f5-a438-508cd2694b71 HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rabona.com
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:57 GMT
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers:
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
cache-control: max-age=600, public, stale-while-revalidate=600, stale-if-error=21600
etag: W/"02d343812a1ffcf83b0f6669c0b39f0c"
x-request-id: 792a08a5dcbf0b59-SEA, 792a08a5dcbf0b59-SEA
x-runtime: 0.003004
vary: Origin, Accept-Encoding
x-zendesk-zorg: yes
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BmsLBAUsGkFX6Uahb1Q3XATnelfgbI%2B69D9UMY43jagTiK1YvmPMQD5JYbv1om%2BvcawxuxEVK970k2oBHZdl3UN%2FWr63eltmk8wPA%2BZJ%2F7lJr3dPVLW1trz0CrkC4Gt4fg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 794f2c718872b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Pacifico&display=swap
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Pacifico&display=swap
IP 142.250.74.74:0
GET /css2?family=Pacifico&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rabona.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 22:44:55 GMT
date: Sun, 05 Feb 2023 22:44:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
45.8.106.46200 OK 0 B URL HTTP/2 rabona.com/au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727
IP 45.8.106.46:0
ASN #209242 Cloudflare London, LLC
GET /au/games?btag=665691_956315E6AD30493BAD064A04C13DA909&MSID=2055624&BID=8727 HTTP/1.1
Host: rabona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://au-online-casinos.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 22:44:54 GMT
content-type: text/html
cf-ray: 794f2c634a19b4f4-OSL
age: 10963
last-modified: Fri, 27 Jan 2023 15:22:07 GMT
set-cookie: _cf_reyid=fKj4xWG0Uqy8Pkm4dtqcgcsmVBLX6XFlnPj823bBY0kWwZPCi6jZyHhW+jQP7w1Y
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: null, Accept-Encoding
cf-cache-status: HIT
cf-revalidated: Sun Feb 05 2023 19:42:11 GMT+0000 (Coordinated Universal Time)
cf-ttl: 1675626191440
content-security-policy: frame-ancestors 'self' rabona.com m.rabona.com
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2