Overview

URL 18bc8.hredcc.wy5532.com/
IP 185.107.56.199 (Netherlands)
ASN #43350 NForce Entertainment B.V.
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-12-04 19:46:55 UTC
IDS alerts 0
Blocklist alert 4
urlquery alerts No alerts detected
Tags None

Domain Summary (13)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-12-04 18:16:38 UTC 142.250.74.106
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
18bc8.hredcc.wy5532.com (3) 0 2022-12-04 19:38:16 UTC 2022-12-04 19:38:16 UTC 172.93.103.100 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-04 17:12:40 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-04 17:12:39 UTC 34.117.237.239
dipaka-ead.com (3) 0 2022-10-31 13:23:43 UTC 2022-12-04 14:19:04 UTC 3.212.50.125 Unknown ranking
web.countertrck.com (1) 606732 No data No data 18.193.235.10
ocsp.pki.goog (2) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.242.3.166
www.nuggitgames.com (15) 0 2017-08-18 12:18:49 UTC 2022-12-04 15:04:00 UTC 138.201.157.209 Unknown ranking

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 18bc8.hredcc.wy5532.com/ Malware
2022-12-04 2 www.nuggitgames.com/ngsskm/no/alert.ogg Phishing
2022-12-04 2 www.nuggitgames.com/ngsskm/no/sounds/win.mp3 Phishing
2022-12-04 2 www.nuggitgames.com/ngsskm/no/sounds/spin.mp3 Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.107.56.199
Date UQ / IDS / BL URL IP
2023-01-31 15:20:08 +0000 0 - 0 - 1 yqvoess.aa.wy5532.com/ 185.107.56.199
2023-01-31 13:45:51 +0000 0 - 0 - 2 mkuu.626e0.rt.wy5532.com/ 185.107.56.199
2023-01-31 08:57:24 +0000 0 - 0 - 1 re6ff3e.vz.wy5532.com/ 185.107.56.199
2023-01-31 05:59:37 +0000 0 - 0 - 3 qwqwq.311e3.sn.wy5532.com/ 185.107.56.199
2023-01-30 23:41:13 +0000 0 - 0 - 3 edcvr25789.by.wy5532.com/ 185.107.56.199


Last 5 reports on ASN: NForce Entertainment B.V.
Date UQ / IDS / BL URL IP
2023-02-03 12:47:21 +0000 0 - 2 - 7 info.seroteforoh.com/?v=1.02&c=dcbf5a30&at=15 (...) 77.247.179.82
2023-02-03 11:58:46 +0000 0 - 0 - 3 andicomedicalsuppliers.com/chromestre/41on892 (...) 185.107.56.53
2023-02-03 10:34:25 +0000 0 - 0 - 3 inzestmuschis.com/inzest-porno/die-milf-und-i (...) 185.107.56.59
2023-02-03 03:27:00 +0000 0 - 2 - 6 rp.seroteforoh.com/?pcrc=1950872687&v=2.0 77.247.179.84
2023-02-02 19:57:11 +0000 0 - 0 - 2 ohadv.com/caign/camp.php 185.107.56.60


Last 5 reports on domain: wy5532.com
Date UQ / IDS / BL URL IP
2023-02-02 10:55:45 +0000 0 - 0 - 1 qwqee.1e534.tv.wy5532.com/ 37.48.65.148
2023-02-02 04:11:22 +0000 0 - 0 - 1 rhuugcf.wy5532.com/ 81.171.22.5
2023-02-02 02:43:33 +0000 0 - 0 - 3 2490b.zz.wy5532.com/ 37.48.65.149
2023-02-02 00:45:04 +0000 0 - 0 - 3 uyclvmqe.tt.wy5532.com/ 199.115.115.116
2023-02-02 00:17:09 +0000 0 - 0 - 3 1de74.moedcc.wy5532.com/ 81.171.22.5


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-03 05:11:16 +0000 0 - 0 - 4 faderwear.com/a/jiaxiaofengcai/xiaoyuanfengca (...) 81.171.22.7
2023-02-02 04:42:43 +0000 0 - 1 - 7 tawreedss.com/PDF/65747937d5e8c967ce822962d91 (...) 212.32.237.91
2023-02-01 04:34:45 +0000 0 - 0 - 4 zcvbnnn.5140c.zi.wy5532.com/ 185.107.56.198
2023-01-31 04:12:44 +0000 0 - 0 - 4 d18z2.drofortho.com/ 93.115.28.104
2023-01-30 03:51:49 +0000 0 - 1 - 3 appx.koreasys0.com/app.asp?prj=2&pid=cm1&logd (...) 212.32.237.91

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (45)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: 18bc8.hredcc.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=58f8760c-73c9-11ed-9f17-1ff41fa4998d
Upgrade-Insecure-Requests: 1

                                         172.93.103.100
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 484
date: Sun, 04 Dec 2022 19:46:44 GMT
server: nginx


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (484), with no line terminators
Size:   484
Md5:    71aa7d6e7bb17e4840d7c0c7ed1e7c49
Sha1:   baa6dfcc555266a7b8e6c660359eee71eb8c819b
Sha256: bf8347f781b04026707ddad67b2be663770eb9966b72738d558d8a854c14ff80

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18692
Expires: Mon, 05 Dec 2022 00:58:16 GMT
Date: Sun, 04 Dec 2022 19:46:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5078
Cache-Control: max-age=144551
Date: Sun, 04 Dec 2022 19:46:44 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:55:55 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 19:18:24 GMT
cache-control: public,max-age=3600
age: 1700
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14650
Expires: Sun, 04 Dec 2022 23:50:54 GMT
Date: Sun, 04 Dec 2022 19:46:44 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: PLVAf0maEv10HIDOGiZARYyalkKziYmMER0iuPeNMvjIWqpsWA9Ewi3xXwxXYqr5azBDhgzUkhQ=
x-amz-request-id: S77WVCBT3P7WJFAF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 18:47:05 GMT
age: 3579
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 19:46:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: 18bc8.hredcc.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18bc8.hredcc.wy5532.com/
Cookie: sid=58f8760c-73c9-11ed-9f17-1ff41fa4998d

                                         172.93.103.100
HTTP/1.1 404 Not Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sun, 04 Dec 2022 19:46:44 GMT
server: nginx


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    d8f4a1993546cc4b850cde3599e27aec
Sha1:   094b763b4cfcc0b05e5d040581cd513c3ca08067
Sha256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 19:11:19 GMT
cache-control: public,max-age=3600
age: 2126
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5074
Cache-Control: 'max-age=158059'
Date: Sun, 04 Dec 2022 19:46:45 GMT
Last-Modified: Sun, 04 Dec 2022 18:22:11 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDE5MDQwNCwiaWF0IjoxNjcwMTgzMjA0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21xdGhrbWU2dWxsNW1uc2MxbG1nYzgiLCJuYmYiOjE2NzAxODMyMDQsInRzIjoxNjcwMTgzMjA0Nzc1MDUwfQ.tMsmgAKvSJj7XvJm8H_XmYnmLEP_cdtyLi7YnogECeU&sid=58f8760c-73c9-11ed-9f17-1ff41fa4998d HTTP/1.1 
Host: 18bc8.hredcc.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18bc8.hredcc.wy5532.com/
Cookie: sid=58f8760c-73c9-11ed-9f17-1ff41fa4998d
Upgrade-Insecure-Requests: 1

                                         172.93.103.100
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 04 Dec 2022 19:46:45 GMT
location: http://dipaka-ead.com/zcvisitor/620137fb-740c-11ed-aec1-12cafe9a7ba3/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5dbc150-6f19-11e8-9eb3-0e497388635c
server: nginx
set-cookie: sid=58f8760c-73c9-11ed-9f17-1ff41fa4998d; path=/; domain=.wy5532.com; expires=Fri, 22 Dec 2090 23:00:52 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tFUz4EjGTGRl0s1eHo0slg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         44.242.3.166
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KzlcOjtGZNGqroOBz3A5EcxnQac=

                                        
                                            GET /zcvisitor/620137fb-740c-11ed-aec1-12cafe9a7ba3/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5dbc150-6f19-11e8-9eb3-0e497388635c HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18bc8.hredcc.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 19:46:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: BvvRxpog


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1100
Md5:    0d9ec81debc467bbc2af1649609a50e9
Sha1:   dfb6bc2f5cdb7bc0de80a70cfd604baa9bee15bb
Sha256: dd40da0a66948cfc72975b1280ecd46aea9f6666451962bf7e926fb16d4507dd
                                        
                                            GET /zcredirect?visitid=620137fb-740c-11ed-aec1-12cafe9a7ba3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/620137fb-740c-11ed-aec1-12cafe9a7ba3/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=e5dbc150-6f19-11e8-9eb3-0e497388635c
Upgrade-Insecure-Requests: 1

                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 19:46:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: aVaGlhqH


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (829)
Size:   1744
Md5:    b310ad73e7caa744218fe9f714b76c30
Sha1:   14512319b16f1a050f88a822749dae0cb5b35087
Sha256: 9a7cf353a9d1338d3978eb54d9278a4e68feb54cee8afecf86228748148ae6a6
                                        
                                            GET /zp-redirect?target=https%3A%2F%2Fwww.nuggitgames.com%2Fngsskm%2Fno%2Findex-uni.html%3Fcep%3DR63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw%26lptoken%3D1628702f18f350840648&caid=53c8519d-dbda-48a9-b0f2-6aadb0b9a2c6&zpid=620137fb-740c-11ed-aec1-12cafe9a7ba3&cid=&rt=R HTTP/1.1 
Host: web.countertrck.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         18.193.235.10
HTTP/2 302 Found
                                        
server: nginx
date: Sun, 04 Dec 2022 19:46:46 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
pragma: no-cache
set-cookie: cep-v4=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw; Max-Age=86400; Expires=Mon, 05-Dec-2022 19:46:46 GMT; Domain=web.countertrck.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=620137fb-740c-11ed-aec1-12cafe9a7ba3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

                                         3.212.50.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Sun, 04 Dec 2022 19:46:46 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: PtojrDAF


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648 HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         138.201.157.209
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
accept-ranges: bytes
x-mod-pagespeed: 1.14.36.1-0
cache-control: max-age=0, no-cache, s-maxage=10
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-robots-tag: noindex, noarchive, nosnippet
content-length: 18603
date: Sun, 04 Dec 2022 19:46:46 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2104)
Size:   18603
Md5:    15340cb4eb2770b831147acfbf309ae2
Sha1:   8c7e9bc87e7bab952a0aaa958f1f38153efde7f7
Sha256: e8323fb09399bd0b01ad075ef2c2ebc9af8155e704f6a7fa1b69e240490751b7
                                        
                                            GET /ngsskm/no/style.css HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Sat, 08 Feb 2020 05:04:25 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 03 Jan 2023 19:46:46 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-robots-tag: noindex, noarchive, nosnippet
content-length: 2786
date: Sun, 04 Dec 2022 19:46:46 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2786
Md5:    cd4dfdbd77843c1253ea7209570cb047
Sha1:   bc6337064ba083703c97a4d770cb8c2679816520
Sha256: 8cce0dc5aa152c162192f9503a76f454638ef4aa346508d3f961e1775f91b2f5
                                        
                                            GET /ngsskm/no/images/NO.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1182
last-modified: Sat, 08 Feb 2020 05:04:31 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-HbvcVwpqsR"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 50 x 40, 8-bit colormap, non-interlaced\012- data
Size:   1182
Md5:    1dbbdc570a6ab11660aae86783af4b21
Sha1:   c16bacdbf508f6896d590f482d79ce1e62c2d63a
Sha256: 4c7188a23412702bfc654a613cc7bcb30182265f832d60fbb667b35b1b75d27c
                                        
                                            GET /ngsskm/no/images/slot-start.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 26084
last-modified: Sat, 08 Feb 2020 05:04:44 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-9JFkdVbkkt"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   26084
Md5:    f491647556e492de92530b48827690aa
Sha1:   6296c44299f5acb17cb2c06e37391a70672b1fd3
Sha256: efb819d37f19ec7505d9602488ce97868d84e1c7929ce83e308e23f02d97b95d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 19:46:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 15:15:39 GMT
expires: Mon, 04 Dec 2023 15:15:39 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 16268
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32069)
Size:   30089
Md5:    4ae540714475aa934955496d990ab15f
Sha1:   b7724c4d72a422b86f5dc06571ff4bc86f0308a3
Sha256: ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2
                                        
                                            GET /ngsskm/no/images/slot-result-1.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 20370
last-modified: Sat, 08 Feb 2020 05:04:34 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-H70rJuYSNt"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   20370
Md5:    1fbd2b26e61236d5bcfdfeb6adbd2c8c
Sha1:   c9034272d28dab018b73f1967a679c734f987a1f
Sha256: c402c36eb8d623b618261d40846e63c130de1e78720ab5578eae1d645198c963
                                        
                                            GET /ngsskm/no/images/slot-spin.gif HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 87599
last-modified: Sat, 08 Feb 2020 05:04:41 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-YXwWxeBMhg"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 410 x 279\012- data
Size:   87599
Md5:    617c16c5e04c8603dd7f157862b1c682
Sha1:   1306296f9a666a7fc50f339a2a924ce8a3a18169
Sha256: 7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
                                        
                                            GET /ngsskm/no/red-arrow-right.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1362
last-modified: Sat, 08 Feb 2020 05:04:23 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-iBvcA3voiV"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size:   1362
Md5:    881bdc037be8895ba5d8d53456890e7e
Sha1:   4e105c89e2a1475520bb74c9c20bf2f9e906fcb3
Sha256: 9f8160d6380fef91c8eadecc6e8e59e93e3f5c40be7963018c8104bef4354d8f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 19:46:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ngsskm/no/red-arrow-left.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1334
last-modified: Sat, 08 Feb 2020 05:04:20 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-ktPkgsrOqF"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size:   1334
Md5:    92d3e482cacea857c5dfaf9fa3a21dfb
Sha1:   3f12c410c77d763cc4719ec367a18417b8300758
Sha256: 4a688dc66588e8e86e98ccadb318fa2aca3fd6e2444aac783278b982f3e47eef
                                        
                                            GET /ngsskm/no/images/slot-win.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 14391
last-modified: Sat, 08 Feb 2020 05:04:47 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-k5tqc8ljg6"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   14391
Md5:    939b6a73c96383ac0842317037f3a0f0
Sha1:   0654b62431c8ba522833950b8166d7a16e2a6b56
Sha256: b8f1ec0ac028bd024af2cf57b63b07069b2f4a41e61c1577e968ca5d7ba72837
                                        
                                            GET /ngsskm/no/images/slot-result-2.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 26733
last-modified: Sat, 08 Feb 2020 05:04:37 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-tsoL_qTQzs"
date: Sun, 04 Dec 2022 19:46:46 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   26733
Md5:    b6ca0bfea4d0cec334f128f5c2c44cff
Sha1:   f6dc006902542a929187af718d9f6a244e5472b5
Sha256: b09b477eb93ed896b8e52a2f746e435695dbef2a1259987bae4fbea3c35b5435
                                        
                                            GET /ngsskm/no/alert.ogg HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 206 Partial Content
content-type: audio/ogg
                                        
last-modified: Sat, 08 Feb 2020 05:04:11 GMT
accept-ranges: bytes
content-length: 6061
cache-control: max-age=172800, s-maxage=10
expires: Tue, 06 Dec 2022 19:46:46 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
content-range: bytes 0-6060/6061
date: Sun, 04 Dec 2022 19:46:46 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Ogg data, Vorbis audio, mono, 44100 Hz, ~70000 bps, created by: Xiph.Org libVorbis I (1.3.2)\012- data
Size:   6061
Md5:    c24ec40453460f0d5617767016ebc7fe
Sha1:   c360aea4f0d0a34920ddacd376503734142438b9
Sha256: 6c24b85e36500836887748ab5fcfa2663bd6ab39d28f73e75aa5a669bf9386cb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ngsskm/no/sounds/win.mp3 HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 206 Partial Content
content-type: audio/mpeg
                                        
last-modified: Sat, 08 Feb 2020 05:04:54 GMT
accept-ranges: bytes
content-length: 10391
cache-control: max-age=172800, s-maxage=10
expires: Tue, 06 Dec 2022 19:46:46 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
content-range: bytes 0-10390/10391
date: Sun, 04 Dec 2022 19:46:46 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Size:   10391
Md5:    bca40777013dec4a99eaa8b0b98a7fef
Sha1:   bc1c833577a1dcd82ad01a90e82898bc7b47cad7
Sha256: 635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19337
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:46:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19337
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:46:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19337
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:46:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19337
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:46:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19337
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 19:46:47 GMT
Connection: keep-alive

                                        
                                            GET /ngsskm/no/sounds/spin.mp3 HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 206 Partial Content
content-type: audio/mpeg
                                        
last-modified: Sat, 08 Feb 2020 05:04:51 GMT
accept-ranges: bytes
content-length: 8784
cache-control: max-age=172800, s-maxage=10
expires: Tue, 06 Dec 2022 19:46:46 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
content-range: bytes 0-8783/8784
date: Sun, 04 Dec 2022 19:46:46 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Size:   8784
Md5:    5a2e10964c7fea8b0181831184bc0d97
Sha1:   8f5233dd6be372e7749c6cd8440db5b43de5a9c9
Sha256: 9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ngsskm/no/arrow.png HTTP/1.1 
Host: www.nuggitgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         138.201.157.209
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 154
last-modified: Sat, 08 Feb 2020 05:04:13 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-Ta8SsGd92a"
date: Sun, 04 Dec 2022 19:46:47 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 4-bit colormap, non-interlaced\012- data
Size:   154
Md5:    4daf12b0677dd9ae8923d3154187d1d8
Sha1:   d20e8f0a0c1a72d20cd421ba5e162ff938896e51
Sha256: 5351d7b058d47812c8a2c74bccef9389a11e3df9cd19874d95b7000c8ab9ea9e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 79025
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 79006
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8989
Md5:    a6e7b32ac999cf3c899a234c621fa91a
Sha1:   fc5d4f3163ebb9faf85968cbb1d194e8e68418be
Sha256: f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 79448
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 79366
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:23:21 GMT
age: 44606
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7503
Md5:    c1a6f4805f59db44f9d3520d88701a58
Sha1:   6a0258e8c97ce09f1723382c8a16d9682b7dc50c
Sha256: ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 49887
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
GET /ngsskm/no/favicon.png HTTP/1.1
Host: www.nuggitgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuggitgames.com/ngsskm/no/index-uni.html?cep=R63R1uPX-HTMp6KCp3fpHX56wLh3eBWnGr61hKkaDzF6m0cr1Zo4icnhsAdUcvJ4T8aWNwsDi1Z9kMIzMtJrepbDDru57mquvLwfi5xI-a1PGUGqgy1GbkdfqibLTQ230jxCWu7fuK0KqM00W3-7cPd3SwyEyJ1RQvkr6ubz7uuRSbDRZdN1iSk8V2ikS2R9zwSV0dun7Rb02p3dileCpT0EXf9Dvn3pnia0kEeYlCNLOPTlYyRx4zLDlDEB6gVhNrCaoFV44NB7s974lmibFUVTpWezbF5wsiu6g5TqVSOYFZJMokVpVthR1fBu92OTisedwM3Ii3bLAqUSMH5LVvjnP_0bzK-pcE2cqe7Ql_7gcegXX0PLaPoB4ipq828bS3PELXsFFHfPreiuHXmz9h6Nvv5IKzxqsgFKULN1ggb8BPF0H3nHMVuaJyQke1jWCHkzL0CBm1ugMsVlemIUBvWQPo4lgpZPxHLRvRqYVLnfMGHEivy92pRwa3_WtNAN4RjnK5A6uTzh9e-eoywTxw&lptoken=1628702f18f350840648
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

138.201.157.209
HTTP/2 200 OK
content-type: image/png
content-length: 805
last-modified: Sat, 08 Feb 2020 05:04:15 GMT
accept-ranges: bytes
expires: Mon, 04 Dec 2023 10:58:54 GMT
x-robots-tag: noindex, noarchive, nosnippet
vary: User-Agent
server: Apache
cache-control: max-age=31536000
etag: W/"PSA-SWsrBMaDqh"
date: Sun, 04 Dec 2022 19:46:47 GMT
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Size:   805
Md5:    496b2b04c683aa1aee40aea9b8a9bd2b
Sha1:   e248732ed7105d6e618436ed2dad8556239243a1
Sha256: ac90a1d4eed03e30376b0d3f7529652269e51bc2b0455797cb1acb34941f9ec2