tgrrre.80c62.bl.wy5532.com/
200 OK 487 B URL HTTP/1.1 tgrrre.80c62.bl.wy5532.com/
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (487), with no line terminators
Hash 97a1083790b26dce23c6eb8feb1eb4b1
a475c23f8e70238c7f0870580c9c356488a7ad2b
75f5fedd6d5d0b2a71c6d1c35163abc2f4d932383cea352443c647c1253cac44
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: tgrrre.80c62.bl.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=1f87013e-742a-11ed-a5e9-342bcf6faece
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 487
content-type: text/html; charset=utf-8
date: Mon, 05 Dec 2022 00:29:13 GMT
server: nginx
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14875
Expires: Mon, 05 Dec 2022 04:37:09 GMT
Date: Mon, 05 Dec 2022 00:29:14 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2234
Cache-Control: max-age=124757
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:14 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:08:31 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 00:20:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 544
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2809
Expires: Mon, 05 Dec 2022 01:16:03 GMT
Date: Mon, 05 Dec 2022 00:29:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0TcS384fFFtwbAkl5OIlHKy+QifvgVeIPOXOdyTZMvh/9Ew2udutvllj0Gq16oORxeUBNYL4LSU=
x-amz-request-id: YWJTD3QTZN181VMA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 23:47:10 GMT
age: 2524
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 00:29:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
tgrrre.80c62.bl.wy5532.com/favicon.ico
404 Not Found 9 B URL HTTP/1.1 tgrrre.80c62.bl.wy5532.com/favicon.ico
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: tgrrre.80c62.bl.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tgrrre.80c62.bl.wy5532.com/
Cookie: sid=1f87013e-742a-11ed-a5e9-342bcf6faece
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 05 Dec 2022 00:29:13 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 00:08:58 GMT
cache-control: public,max-age=3600
age: 1216
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2220
Cache-Control: max-age=119677
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:14 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:43:51 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
tgrrre.80c62.bl.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDIwNzM1MywiaWF0IjoxNjcwMjAwMTUzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21yc2M2dW45Z2JuMHU4NDgwcjU3cWEiLCJuYmYiOjE2NzAyMDAxNTMsInRzIjoxNjcwMjAwMTUzOTI4Njg4fQ.cIetMesOvcFSCWAPZk-3ebn7x_JVT4fJ1cIKeCliZ0Q&sid=1f87013e-742a-11ed-a5e9-342bcf6faece
302 Found 11 B URL HTTP/1.1 tgrrre.80c62.bl.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDIwNzM1MywiaWF0IjoxNjcwMjAwMTUzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21yc2M2dW45Z2JuMHU4NDgwcjU3cWEiLCJuYmYiOjE2NzAyMDAxNTMsInRzIjoxNjcwMjAwMTUzOTI4Njg4fQ.cIetMesOvcFSCWAPZk-3ebn7x_JVT4fJ1cIKeCliZ0Q&sid=1f87013e-742a-11ed-a5e9-342bcf6faece
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDIwNzM1MywiaWF0IjoxNjcwMjAwMTUzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21yc2M2dW45Z2JuMHU4NDgwcjU3cWEiLCJuYmYiOjE2NzAyMDAxNTMsInRzIjoxNjcwMjAwMTUzOTI4Njg4fQ.cIetMesOvcFSCWAPZk-3ebn7x_JVT4fJ1cIKeCliZ0Q&sid=1f87013e-742a-11ed-a5e9-342bcf6faece HTTP/1.1
Host: tgrrre.80c62.bl.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tgrrre.80c62.bl.wy5532.com/
Cookie: sid=1f87013e-742a-11ed-a5e9-342bcf6faece
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 05 Dec 2022 00:29:14 GMT
location: http://click-v4.expmdiadi.com/click?i=6ccsupSbluc_0
server: nginx
set-cookie: sid=1f87013e-742a-11ed-a5e9-342bcf6faece; path=/; domain=.wy5532.com; expires=Sat, 23 Dec 2090 03:43:22 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0kjf69FNpAyD1FYOvwJEXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LE7v+hkDmoKlbAPLhDiVtaNFzso=
click-v4.expmdiadi.com/click?i=6ccsupSbluc_0
302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=6ccsupSbluc_0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=6ccsupSbluc_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://tgrrre.80c62.bl.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com
Pragma: no-cache
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5404cc222630b45f60a9ff5e444ca723
04607f45d7b84400cbb9c42925b8770257b3fa21
aa59caaff051a0e9bd952ccc548365b0f3d72524cc3e30d0ecff0ae3b6633271
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 00:29:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 19:00:09 GMT
Expires: Sun, 11 Dec 2022 19:00:08 GMT
Etag: "04607f45d7b84400cbb9c42925b8770257b3fa21"
Cache-Control: max-age=584452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7748aa9b79740b06-OSL
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5404cc222630b45f60a9ff5e444ca723
04607f45d7b84400cbb9c42925b8770257b3fa21
aa59caaff051a0e9bd952ccc548365b0f3d72524cc3e30d0ecff0ae3b6633271
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 00:29:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 19:00:09 GMT
Expires: Sun, 11 Dec 2022 19:00:08 GMT
Etag: "04607f45d7b84400cbb9c42925b8770257b3fa21"
Cache-Control: max-age=584452,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7748aa9e8a860b06-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3358
Expires: Mon, 05 Dec 2022 01:25:14 GMT
Date: Mon, 05 Dec 2022 00:29:16 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3358
Expires: Mon, 05 Dec 2022 01:25:14 GMT
Date: Mon, 05 Dec 2022 00:29:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2955536-4372-40c4-bbce-37f3da5c8a64.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2955536-4372-40c4-bbce-37f3da5c8a64.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb029b41d342a82250aef6d6f713be6e
cd754bb6094d2e456b95dce8daace45a0de8a121
c16e364547c9e7a3c487b614073d59c7c495c5e5387b75136afab0dc68bebca4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2955536-4372-40c4-bbce-37f3da5c8a64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10031
x-amzn-requestid: ca6c11c5-8842-4ffb-bb9e-5351c4e60c5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjY0CGUVIAMFxog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ad4e6-4282be9f505aa5764e9b1fa2;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 04:47:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: vg9n0d9YqjfrKwJHGGcztV4gsGENhNYUuC1HUmWFsxRlDdMSpV4IQw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 15:58:47 GMT
age: 30629
etag: "cd754bb6094d2e456b95dce8daace45a0de8a121"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50c0f516-113b-498b-a6f2-9f0a076ff423.jpeg
200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50c0f516-113b-498b-a6f2-9f0a076ff423.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dafdb4fe91795a9e16baebb085ccd818
f5ed5d03e6969f81349ad78fde0e71390a4ed391
f535ce45d68317bad15513d3cd3d21d2c0ef12e93d6ac19cc07b704ee1651f51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50c0f516-113b-498b-a6f2-9f0a076ff423.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7853
x-amzn-requestid: fa079a7e-1e93-41d6-bb16-2703077a0cb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGrKEGFoAMFnBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6388517a-076131847c129c197e84901b;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:02:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Cri6Vf6-INRisbFQ4ITZ7f8RIvomQXQ-TjkjWAOkkUhmI1yhHIbTYA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 08:10:52 GMT
age: 58704
etag: "f5ed5d03e6969f81349ad78fde0e71390a4ed391"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396c9419-24ff-48bc-bf81-361b151c281b.jpeg
200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396c9419-24ff-48bc-bf81-361b151c281b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3d863be9bd5d072e85b8976251ce342
b9c67cf9a5ae7ec4c7bf8e8b857918be9277a140
f188fb7575c4b8662acfe2a6682559d50a12430c116605391dd77257bc11a60b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396c9419-24ff-48bc-bf81-361b151c281b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6133
x-amzn-requestid: d2c60baf-1d2e-4b1f-9c08-2adf0aa458a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUXHcPIAMFl5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-3ddc6f0428790a9d5f253825;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HVO2yJJggGy-dou69DXIb254DYhzLj31b9-lyIOyIvQAQGGqQfmSSg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 03:17:42 GMT
age: 76294
etag: "b9c67cf9a5ae7ec4c7bf8e8b857918be9277a140"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c36448c65274ebbe1eb21e3bf02385e
e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28
6f17788a394f1305755805a1b92117b1c1a03a1e3a075cb97a0da5184d574553
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: ae2ec151-d383-4554-9ac2-3d204701251c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ttFDKoAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1324-15aebb1a06253068472a6ab0;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hEiLpBd0Tubj3-Wgqh_jpK6XEekyrHfuQxpVD_JLlNSAQj41XK_1EA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:15 GMT
age: 9421
etag: "e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png
200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7bde76a4dbab17f37747e7da55ad924
56ee7aa6cf94570b1218ef6e767a7036d0b8900f
bd8320fe10dc06061008034cfd1ca9f17e941b2b859b8dd12f23bcac35746aab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3707
x-amzn-requestid: e9d4dc01-cb68-471b-8da4-c6f170248387
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_xhEm-IAMFRNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d133c-5414a54751e2569f639d0dea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:38:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _nGZrHCvmP-EKAQG20l1ayIftZ4spFGPuG--vyTpMhbNa9L3pIWhCA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:29 GMT
age: 9647
etag: "56ee7aa6cf94570b1218ef6e767a7036d0b8900f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d72fb8d20c29763234c2817b119d11b
d4924ec714f5157bcb2fddcb5f768188a3dd37dc
e9aa59142e0673ed3f58b36beaca48213c678dbe4655f9c4b64581cb0f6f22f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feff698a5-ffc4-43ea-b7a3-b681cafeb108.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12830
x-amzn-requestid: 66f5f2fa-8472-4484-bbea-20ece7e98b1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcsxGDyIAMFX4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e51-146167697890d9312ce3dbac;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CYvQg9Tc0rQB9_DoDW4RoLx2GEdMSEaXViCY3qXbijd0P5mMSZWE6Q==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 03:35:27 GMT
age: 75229
etag: "d4924ec714f5157bcb2fddcb5f768188a3dd37dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
IP
Hash d58b08317c32d48a3c4907c78f823c6c
04e35733d9f60b03b5adb3a74c7120fd4a1e59d9
0675ba60113083af0ac30e7afc633865ba0f041949a3d77b5381548a29bd14ff
POST /s/gts1p5/oh17uUli4Cw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oh17uUli4Cw
IP
Hash d58b08317c32d48a3c4907c78f823c6c
04e35733d9f60b03b5adb3a74c7120fd4a1e59d9
0675ba60113083af0ac30e7afc633865ba0f041949a3d77b5381548a29bd14ff
POST /s/gts1p5/oh17uUli4Cw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ak.roudoduor.com/afu.php?zoneid=5460782&ymid=167020015610000TNOTV415326358024V15&var=315519420
200 OK 9.6 kB URL HTTP/2 ak.roudoduor.com/afu.php?zoneid=5460782&ymid=167020015610000TNOTV415326358024V15&var=315519420
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12966)
Hash 3d94cacce0940850f66229cecdab87c4
49f98eff26f407da28439826dcb6eca971a14787
9db3073445d2a6e3ac18d23d4dda8b0c748c825f8d74edbacf06adb9c640ddfe
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=5460782&ymid=167020015610000TNOTV415326358024V15&var=315519420 HTTP/1.1
Host: ak.roudoduor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: ef6544f7a6fc5cf45996c20032bead48
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
vary: Accept-Encoding
x-akamai-transformed: 9 8628 0 pmb=mRUM,1
content-encoding: gzip
expires: Mon, 05 Dec 2022 00:29:16 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 05 Dec 2022 00:29:16 GMT
content-length: 9640
set-cookie: OAID=43a7c7fa94d54acd90f0e6f8962a842b; expires=Tue, 05 Dec 2023 00:29:16 GMT; path=/; secure; SameSite=None
oaidts=1670200156; expires=Tue, 05 Dec 2023 00:29:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=22, origin; dur=4
X-Firefox-Spdy: h2
s.go-mpulse.net/boomerang/T5QW8-JUY6U-SF395-TC67A-UGXBF
200 OK 50 kB URL HTTP/2 s.go-mpulse.net/boomerang/T5QW8-JUY6U-SF395-TC67A-UGXBF
IP
File type C source, ASCII text, with very long lines (65103)
Hash 8991c3ec80ec8fbc41382a55679e3911
8cc8cee91d671038acd9e3ae611517d6801b0909
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800
GET /boomerang/T5QW8-JUY6U-SF395-TC67A-UGXBF HTTP/1.1
Host: s.go-mpulse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.roudoduor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
content-encoding: br
last-modified: Sat, 19 Nov 2022 14:45:49 GMT
timing-allow-origin: *
vary: Accept-Encoding
x-n: S
content-length: 50393
date: Mon, 05 Dec 2022 00:29:16 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d5f25c4c99bce7de9166e989e0e94df3
977a8feb8420b10fc4b27440203b08ecae7516f8
5e444685fc55211330424827c83a0b4a885ff07f4c97fa667eead72cdc3c3eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E444685FC55211330424827C83A0B4A885FF07F4C97FA667EEAD72CDC3C3EAF"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6662
Expires: Mon, 05 Dec 2022 02:20:18 GMT
Date: Mon, 05 Dec 2022 00:29:16 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=43a7c7fa94d54acd90f0e6f8962a842b
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=43a7c7fa94d54acd90f0e6f8962a842b
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=43a7c7fa94d54acd90f0e6f8962a842b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.roudoduor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 00:29:16 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=43a7c7fa94d54acd90f0e6f8962a842b; expires=Tue, 05 Dec 2023 00:29:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ak.roudoduor.com/?z=5460782&syncedCookie=true&rhd=false
302 Found 0 B URL HTTP/2 ak.roudoduor.com/?z=5460782&syncedCookie=true&rhd=false
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5460782&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.roudoduor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 586
Origin: https://ak.roudoduor.com
Connection: keep-alive
Referer: https://ak.roudoduor.com/afu.php?zoneid=5460782&var=5460782&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=43a7c7fa94d54acd90f0e6f8962a842b; oaidts=1670200156
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: eaeb7eadd479f027980a938424c8e1ac
link: <https://ntrfr.leovegas.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://ntrfr.leovegas.com/redirect.aspx?pid=3748557&bid=13362&rdk=rk3
access-control-allow-origin: https://ak.roudoduor.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Mon, 05 Dec 2022 00:29:16 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 05 Dec 2022 00:29:16 GMT
set-cookie: OAID=43a7c7fa94d54acd90f0e6f8962a842b; expires=Tue, 05 Dec 2023 00:29:16 GMT; path=/; secure; SameSite=None
oaidts=1670200156; expires=Tue, 05 Dec 2023 00:29:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 12 Dec 2022 00:29:16 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=6
X-Firefox-Spdy: h2
ntrfr.leovegas.com/redirect.aspx?pid=3748557&bid=13362&rdk=rk3
307 Temporary Redirect 0 B URL HTTP/2 ntrfr.leovegas.com/redirect.aspx?pid=3748557&bid=13362&rdk=rk3
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=3748557&bid=13362&rdk=rk3 HTTP/1.1
Host: ntrfr.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://promo.leovegas.com/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 05 Dec 2022 00:29:17 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 05 Dec 2022 00:29:17 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; SameSite=None;; domain=.leovegas.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; domain=.leovegas.com; expires=Wed, 05-Dec-3021 00:29:17 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=34
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4a96cab91864ceab7fd753917fd0a9eb
4d12a4a85ac19d3e951e19dacb55d7264b02e8c5
19c446681b5229c4dc010d36c154328802a4bbb49bb454e168dabfe1553609fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19C446681B5229C4DC010D36C154328802A4BBB49BB454E168DABFE1553609FA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Mon, 05 Dec 2022 03:08:43 GMT
Date: Mon, 05 Dec 2022 00:29:17 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash e2ef0ef17169d7b35a7dd72be93b8a73
6aa14bfc09ce48513aafcf5a600ceffd2d35733d
2485f4e261456c25948ee0bb6665b448b63b08296692e629b8de26376bedd34e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 00:29:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 16:52:38 GMT
Expires: Thu, 08 Dec 2022 16:52:37 GMT
Etag: "6aa14bfc09ce48513aafcf5a600ceffd2d35733d"
Cache-Control: max-age=317600,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7748aaa41c9d0b06-OSL
promo.leovegas.com/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
301 Moved Permanently 32 B URL HTTP/2 promo.leovegas.com/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with no line terminators
Hash 39dacc1839fbc93e31c1d2d53217a24c
bab0715449a8c2d79b67b5fa7f7d464f774fb77d
391c5184370e9aa51e55f54f79e9cb518cabbdf1d0806db6a832f38b9364b28b
GET /mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362 HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
age: 0
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/plain; charset=utf-8
date: Mon, 05 Dec 2022 00:29:17 GMT
location: /no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZRZ6YZTZ3K9FY9Q41C88
x-xss-protection: 1; mode=block
content-length: 32
X-Firefox-Spdy: h2
promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
200 OK 18 kB URL HTTP/2 promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6578)
Hash b313dc6923a26b4d66945bb4a2ec9d5c
9402f6e417b5b6092aa92047de5bae6ad4f37b5f
39f7a762641f551056d58eaf394547a7eb07d2b0354a8df75eb2ed93cdcb4775
GET /no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362 HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
age: 18354
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/html; charset=UTF-8
date: Sun, 04 Dec 2022 19:23:23 GMT
etag: "fc49e5ca6940aded71b46beb8e15e7d5-ssl-df"
link: </webpack-runtime.js>; rel=preload; as=script, </framework.js>; rel=preload; as=script, </dc6a8720040df98778fe970bf6c000a41750d3ae.js>; rel=preload; as=script, </app.js>; rel=preload; as=script, </47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js>; rel=preload; as=script, </7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js>; rel=preload; as=script, </ff324cc4fcad5c37469103212758a68962a91703.js>; rel=preload; as=script, </8e399fed3a6b1522e3959e34b00067a9519e807d.js>; rel=preload; as=script, </05901c0cdc340371e5e64de460e805993147c75a.js>; rel=preload; as=script, </component---src-templates-leo-universe-index-jsx.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/no/mc-livecasino/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS4S6XAHVV42YP23J3MZ
x-xss-protection: 1; mode=block
content-length: 17492
X-Firefox-Spdy: h2
promo.leovegas.com/webpack-runtime.js
200 OK 1.5 kB URL HTTP/2 promo.leovegas.com/webpack-runtime.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (2978)
Hash 46bdc23c4790cbbed3d827635a14b9ee
333d0366b5521022f0b2b713934f63c7561fd304
cdc829772958aa6c44fe420e9cc3a7b44503b5b48e7a7d957f426ffc58adf078
GET /webpack-runtime.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "d50f19024fb972e823cb9cedda51d294-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS82N6YETM0K2F2DCD25
x-xss-protection: 1; mode=block
content-length: 1511
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promo.leovegas.com/framework.js
200 OK 42 kB URL HTTP/2 promo.leovegas.com/framework.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65469)
Hash 5f77f759194550bbd5a18054f44d3b48
b996d9b3131ded0d120f5fa00f3c336d35250d02
8fb0442d64405399d4d2479b62fb4b00731de7df02d043e321185185b41f24ac
GET /framework.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "3e379ad990653adc04137a3854730ff5-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS833J42451RQSWA4778
x-xss-protection: 1; mode=block
content-length: 42112
X-Firefox-Spdy: h2
promo.leovegas.com/dc6a8720040df98778fe970bf6c000a41750d3ae.js
200 OK 4.3 kB URL HTTP/2 promo.leovegas.com/dc6a8720040df98778fe970bf6c000a41750d3ae.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (11901)
Hash 148b4dd017cc0dab6e5f9d651d7ab7ef
2bb42657a3d6f768956527c47218d2672d9b9ac6
95891c81d3acd42423cd49c70ce421980440f8cb7d52f0f77dc67abb2c6fb0aa
GET /dc6a8720040df98778fe970bf6c000a41750d3ae.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "12d1763d5f10d67e3fe2f9f00b96b2e8-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS84KVFR44BFF62QVHSZ
x-xss-protection: 1; mode=block
content-length: 4327
X-Firefox-Spdy: h2
promo.leovegas.com/app.js
200 OK 16 kB URL HTTP/2 promo.leovegas.com/app.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (51500)
Hash c946be763cc4e7820722271e15a2383d
feecaa8bbe3a295a6dc35e1e6f6e75642e3e1d02
4f03fa9fbee4015b19010d5880b4535769a2522a2e3dfbc7073b5d218ea550a7
GET /app.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "efc56438502dc0b09b588bf8cc771969-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS84SC2NEFFCXV3TBQYF
x-xss-protection: 1; mode=block
content-length: 15536
X-Firefox-Spdy: h2
promo.leovegas.com/47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js
200 OK 6.2 kB URL HTTP/2 promo.leovegas.com/47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (16666)
Hash 5c4e7e14f8659373e45400cf68c97a41
a2df475919893462415902ab0da086acc4f77033
58b06d80fbd4927e361ce301821f790c35782282eb6943dc9ce6b786ec63b352
GET /47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19398
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:00 GMT
etag: "eea2c190fa6c75b8568cff2969365888-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS85BJRFP3VMYFWSMWK8
x-xss-protection: 1; mode=block
content-length: 6218
X-Firefox-Spdy: h2
promo.leovegas.com/7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js
200 OK 2.9 kB URL HTTP/2 promo.leovegas.com/7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (6980)
Hash 4befa7048021cd47bd7c590f8219a114
77130fee3b5db4ff69ac115ba6392d9fbb8158a6
ddb556400e35de0261e5bf2d35dbf9d494d203f570c05d88d61f580f9c7ccfa0
GET /7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19398
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:00 GMT
etag: "a6e0802faefeef3a99043c2daddd096f-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS87M3KH058KKF7DGR03
x-xss-protection: 1; mode=block
content-length: 2937
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 0a63a6c653002f93d6d8e6e1282bd1ea
6dc0648b815204a68980e581cd00d86be34b4830
fa7244a8845005667b1c6af39cff657429b1739109cada1e7fbf612a6b56db71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3613
Cache-Control: max-age=119971
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Etag: "638c5ee3-1d7"
Expires: Tue, 06 Dec 2022 09:48:48 GMT
Last-Modified: Sun, 04 Dec 2022 08:48:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
promo.leovegas.com/ff324cc4fcad5c37469103212758a68962a91703.js
200 OK 100 kB URL HTTP/2 promo.leovegas.com/ff324cc4fcad5c37469103212758a68962a91703.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (65236)
Size 100 kB (100094 bytes)
Hash ad88f25650fae49a89fdea1db069a4b8
945d798c5c411c31717244ac1e79877005511e86
859f0841a883e48ffed94f52e3fa2b98a32f62105033550705d2ccd9a7e12056
GET /ff324cc4fcad5c37469103212758a68962a91703.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19398
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:00 GMT
etag: "33dd56650a8aed1c381ced478717e4b1-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS87QFCMNJPQZKCC3T46
x-xss-protection: 1; mode=block
content-length: 100094
X-Firefox-Spdy: h2
promo.leovegas.com/component---src-templates-leo-universe-index-jsx.js
200 OK 2.4 kB URL HTTP/2 promo.leovegas.com/component---src-templates-leo-universe-index-jsx.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (5773)
Hash c57f16f798f8bc3c281b33d6b29ab370
3608bcc2dfdd1261e8c6cd9bf43067a46c2fd8cf
337ee0d4a4c804aa58d7681b79a7e25f01d1b2d29de515ba3c6295632cdee006
GET /component---src-templates-leo-universe-index-jsx.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19362
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:35 GMT
etag: "79b5cfeb3602b5f1350c673c66c0d012-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS8A26G0MSNS22HGV37G
x-xss-protection: 1; mode=block
content-length: 2414
X-Firefox-Spdy: h2
promo.leovegas.com/8e399fed3a6b1522e3959e34b00067a9519e807d.js
200 OK 33 kB URL HTTP/2 promo.leovegas.com/8e399fed3a6b1522e3959e34b00067a9519e807d.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65536), with no line terminators
Hash 464e51d8049dceec3f4ba74d397009d9
843aba9ccf65310a3656f849667c09c73cf7e2eb
3fb00de7e29f0471f9c3debd72685ae639ba102e6fdef3e40edcd763977bd034
GET /8e399fed3a6b1522e3959e34b00067a9519e807d.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19398
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:00 GMT
etag: "1a90c3703ecfdf94ffc928c21cf5a9be-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS89A8SY1YMWMTJVZ69Y
x-xss-protection: 1; mode=block
content-length: 33010
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/sq/d/2280590532.json
200 OK 1.8 kB URL HTTP/2 promo.leovegas.com/page-data/sq/d/2280590532.json
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text, with very long lines (13497), with no line terminators
Hash 9f055e9ead48e91929776db430c73bd5
564fcf144f13e1566b1b2c69749ea0291c04b75e
3db7fcff0641a5c23e503517261ea7d440e3fa632ee35129dd7c3e7ef8359263
GET /page-data/sq/d/2280590532.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 17273
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Sun, 04 Dec 2022 19:41:24 GMT
etag: "c3d3020a60483e49003046575338d2ec-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS95Q98CPM9DP52D6YMC
x-xss-protection: 1; mode=block
content-length: 1816
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/app-data.json
200 OK 50 B URL HTTP/2 promo.leovegas.com/page-data/app-data.json
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text
Hash 26bbc30fb95a59f85a4c4ea44452a800
26ce9c4a4cccd5400d9d6661a8129ba9d90bba28
f813c77f52799503d269af274d016ca0ccb1704c7d08fd408f5f0c31d1cb992c
GET /page-data/app-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "f610b5b94695f446d38a29bb24af70cb-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS95VVE5Z5GBSVBNN7B0
x-xss-protection: 1; mode=block
content-length: 50
X-Firefox-Spdy: h2
promo.leovegas.com/05901c0cdc340371e5e64de460e805993147c75a.js
200 OK 46 kB URL HTTP/2 promo.leovegas.com/05901c0cdc340371e5e64de460e805993147c75a.js
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65438)
Hash 44deeb76a98ab386414deb34d45028c0
24954a1197a9ad874069f66729f0478b7e708b6c
9c5bb1b1fa4bfa6b160707e53e54c5634b45effc8d9a2ec4b4e143fc8aa6101e
GET /05901c0cdc340371e5e64de460e805993147c75a.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19398
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Dec 2022 19:06:00 GMT
etag: "755b1d2e18b38895cd0871f0a1973e3d-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS89PEAT6S1J6PVNARMC
x-xss-protection: 1; mode=block
content-length: 46547
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
200 OK 8.6 kB URL HTTP/2 promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (24270), with no line terminators
Hash 443da80a18079443a88af2a536cbf82c
e9a66d635df402b52f00515f6eae01097544fa2e
52fe0ff6c2c2c29b4818260acb0b1eb3786b2093eb6c48c418d62ff4f1108cdf
GET /page-data/no/mc-livecasino/page-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19166
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Sun, 04 Dec 2022 19:09:51 GMT
etag: "e2f99e4bcb86868a0950cbca18f9033b-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZS95XHRRRM2CJVA827AG
x-xss-protection: 1; mode=block
content-length: 8566
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promo.leovegas.com/page-data/app-data.json
200 OK 50 B URL HTTP/2 promo.leovegas.com/page-data/app-data.json
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text
Hash 26bbc30fb95a59f85a4c4ea44452a800
26ce9c4a4cccd5400d9d6661a8129ba9d90bba28
f813c77f52799503d269af274d016ca0ccb1704c7d08fd408f5f0c31d1cb992c
GET /page-data/app-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19532
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Sun, 04 Dec 2022 19:03:45 GMT
etag: "f610b5b94695f446d38a29bb24af70cb-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZSD08DJZ240T627WG798
x-xss-protection: 1; mode=block
content-length: 50
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
200 OK 33 kB URL HTTP/2 fonts.gstatic.com/s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 32860, version 1.0\012- data
Hash d010a9f2d5c7a0374b3b84706a43d2ec
c1fe465db08785c3f115555d39db23838960cb66
9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536
GET /s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://promo.leovegas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 01:48:55 GMT
expires: Mon, 04 Dec 2023 01:48:55 GMT
cache-control: public, max-age=31536000
age: 81622
last-modified: Mon, 11 Jul 2022 19:12:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://promo.leovegas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 363323
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://promo.leovegas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 363302
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
304 Not Modified 0 B URL HTTP/2 promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /page-data/no/mc-livecasino/page-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: "e2f99e4bcb86868a0950cbca18f9033b-ssl-df"
TE: trailers
HTTP/2 304 Not Modified
cache-control: public, max-age=0, must-revalidate
date: Mon, 05 Dec 2022 00:29:17 GMT
etag: "e2f99e4bcb86868a0950cbca18f9033b-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01GKFTZSE5367W1C7R7XRMHF1V
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 0a63a6c653002f93d6d8e6e1282bd1ea
6dc0648b815204a68980e581cd00d86be34b4830
fa7244a8845005667b1c6af39cff657429b1739109cada1e7fbf612a6b56db71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3613
Cache-Control: max-age=119971
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Etag: "638c5ee3-1d7"
Expires: Tue, 06 Dec 2022 09:48:48 GMT
Last-Modified: Sun, 04 Dec 2022 08:48:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap
200 OK 95 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap
IP
Hash 15961592b5e6dd1cef63d8907c8b95f5
c246d3427e617f5e08ade44e4df194e7db5a0b3f
90b40642f163cf4c41048480f67371a4132c70827bc3b8474c421c2d8c7c1cf7
GET /css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 00:29:17 GMT
date: Mon, 05 Dec 2022 00:29:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
promo.leovegas.com/favicons/apple-touch-icon-180x180.png
200 OK 39 kB URL HTTP/2 promo.leovegas.com/favicons/apple-touch-icon-180x180.png
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 1d677d2696a6decac62f6ae6702110e6
330819e2d40298fe76abf3b0a5b94365e48f043e
80ffeb0c1602f33c10915cee07509fd9bc89368bb7d423cd586c684aed55ce0a
GET /favicons/apple-touch-icon-180x180.png HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 19544
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: image/png
date: Sun, 04 Dec 2022 19:03:33 GMT
etag: "f615bc63b95404cf50521990d16061da-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZSG16EH1KFX1F8AMFK91
x-xss-protection: 1; mode=block
content-length: 39348
X-Firefox-Spdy: h2
promo.leovegas.com/favicons/favicon-16x16.png
200 OK 950 B URL HTTP/2 promo.leovegas.com/favicons/favicon-16x16.png
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash a4d8c288ccfff5eed3db7050117eb6a5
4873ff662ffd8fed661fac12bf2edb25188a2d4e
710d82b385bbc48af160251f0b4444b7065d8bc6df0afaaa13fbf2e04356fe0d
GET /favicons/favicon-16x16.png HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.0.1670199498.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 18983
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: image/png
date: Sun, 04 Dec 2022 19:12:54 GMT
etag: "6208a9cbcd043a27a0542191e11cd3e4-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKFTZSG1K7SH37MWA0Y95G10
x-xss-protection: 1; mode=block
content-length: 950
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/gtm/optimize.js?id=OPT-K5XRHTM
200 OK 47 kB URL HTTP/2 www.google-analytics.com/gtm/optimize.js?id=OPT-K5XRHTM
IP
File type ASCII text, with very long lines (2698)
Hash 087450d82c9776c2e6220234074952be
6823f7472112471efbdd0c39f506a33c2b87db8c
25872611205dd0c50f0fde014be06ba67ef703f21a47125cc33bd735e963fd26
GET /gtm/optimize.js?id=OPT-K5XRHTM HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 00:29:17 GMT
expires: Mon, 05 Dec 2022 00:29:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46839
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.hotjar.com/modules.90de377b639fd5b933d2.js
200 OK 68 kB URL HTTP/2 script.hotjar.com/modules.90de377b639fd5b933d2.js
IP
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash 8766036825574dfbddbfc197bd098f6b
3c6087743e1b23d7f071f66d65bec1fdb143a2c2
89c7cf4e7103f90d1cc059e02ac95e97a976de4867e6215945fa6046b04db0b8
GET /modules.90de377b639fd5b933d2.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68504
date: Thu, 01 Dec 2022 13:37:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "8766036825574dfbddbfc197bd098f6b"
last-modified: Thu, 01 Dec 2022 13:36:28 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PRX112YhezSEG3ys7wPwyXxN1ENY4Z-HXeTcFzrKX7PBXKRxEEcJbQ==
age: 298332
X-Firefox-Spdy: h2
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
200 OK 21 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP
Hash 1af52720f3753729e44cd2d56db8360d
789a9fec25511dc00de862af27dfd0a3551acca9
38714381f8348d249579cb857d9ba32e9b4b66f1412ff890f9791d320b5dc89b
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c0BVA1mNolwd5P_nQO62BgT9vFbd2hAJtp5qOWA8-UaLZRKhbpcZjA==
age: 991152
X-Firefox-Spdy: h2
images.ctfassets.net/kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp
200 OK 94 kB URL HTTP/2 images.ctfassets.net/kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7ae24e8aa6154835684d65e7a288af63
470b516dc32dd2cf03260e98a56ee035479bfd80
5daea65e65c03202b0aa2ca21fadab1ea769abe71de3b0ae294f9fc803b04122
GET /kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
content-length: 93882
last-modified: Fri, 11 Nov 2022 12:43:16 GMT
server: Contentful Images API
access-control-allow-origin: *
date: Sun, 04 Dec 2022 05:14:32 GMT
cache-control: max-age=31536000
etag: "7ae24e8aa6154835684d65e7a288af63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 80Pu872IGcrOmNwMF0g_p5Bb8YL2teFL5o7n7nTyDFuUEErQQXy1Xw==
age: 69286
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_gid=1977982352.1670199491&gjid=54118116&_v=j98&z=159724803
302 Found 366 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_gid=1977982352.1670199491&gjid=54118116&_v=j98&z=159724803
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4c5cbf7da1ea741ee15215bfc6a3d792
fc8caf7fca444863f1e5731609ffae36fa68fea7
99b6f5e3b85eed78bada7449db1ead71573422255281c49c491a5148fee1e3e6
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_gid=1977982352.1670199491&gjid=54118116&_v=j98&z=159724803 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803
access-control-allow-origin: null
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 05 Dec 2022 00:29:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 366
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2e388f1ab4ec88104f57cf23944ee684
39178c45ed645709cc388d5790b1b58a3272a62f
e33b88f6f77d90b65a8fed943a45623e51f1efbdae401a1652f24be68408dba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803
302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 00:29:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803&slf_rd=1&random=4038180304
access-control-allow-origin: null
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803&slf_rd=1&random=4038180304
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803&slf_rd=1&random=4038180304
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=1296370776.1670199491&jid=861669299&_v=j98&z=159724803&slf_rd=1&random=4038180304 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 00:29:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
access-control-allow-origin: null
access-control-allow-credentials: true
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-380080.js?sv=7
200 OK 6.6 kB URL HTTP/2 static.hotjar.com/c/hotjar-380080.js?sv=7
IP
File type Unicode text, UTF-8 text, with very long lines (19776)
Hash 7bf18024c78a501d088bc1782cdf1dc8
3c779e71d0a2096352a8110c28c101f5b7370d8d
e1295adcaa2d850fd6e7f08b5dcdf9b56bb75e4162607020fa4351b1d60dcc1a
GET /c/hotjar-380080.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Mon, 05 Dec 2022 00:28:56 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
etag: W/8a35824d618d9756593fcb046e521205
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xlr7x81gc6R09CzwCraOYcIoMISjLW6StvcYJjKK9a8IFXCCtgpgCw==
age: 21
X-Firefox-Spdy: h2
d33wubrfki0l68.cloudfront.net/bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js
200 OK 263 kB URL HTTP/2 d33wubrfki0l68.cloudfront.net/bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js
IP
Size 263 kB (262775 bytes)
Hash a33de49bcbc7c50b6ac1b1e379bc352e
68a2a08a3c30770a4143e93feea65501065180cd
2497e395bec2c9cbccc1c07df5fa89110ca0d40dd2dd4e21a86c7fd34a5744e4
GET /bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js HTTP/1.1
Host: d33wubrfki0l68.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31556926
content-encoding: gzip
date: Fri, 02 Dec 2022 10:49:37 GMT
etag: 66f93c87163e873e252c560c1a9704ceaf34ec82-df
server: Netlify
x-nf-request-id: 01GK979FR7N73YRV2MWGMJCPAZ
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -HR3ue5uIAAgIYneKXNiUfnugq9CoPXY8iA7GPFDNHFbnNL_4j0DdQ==
age: 221980
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 794d2423f95f10174a398a035a05a700
add6d91cc265ab82db3912e51b38db1e88691493
e3cc6cc02f1ffa0bf1310190e4dd11dc2751fe09cfb2855a4dcba6cd286476f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3CC6CC02F1FFA0BF1310190E4DD11DC2751FE09CFB2855A4DCBA6CD286476F2"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7015
Expires: Mon, 05 Dec 2022 02:26:13 GMT
Date: Mon, 05 Dec 2022 00:29:18 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 0fa0fcbee72980e311f77902356246e3
e7dd914c5ba25e42dc0619664c2ba248e79d8939
de46ce9d7c70c78f414421d4d781a4b0404cb5674c4331c5ea560a21cdd2e2a1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1220
Cache-Control: max-age=90626
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 00:29:18 GMT
Etag: "638bf59c-1d7"
Expires: Tue, 06 Dec 2022 01:39:44 GMT
Last-Modified: Sun, 04 Dec 2022 01:19:24 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 12:09:06 GMT
age: 44417
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com
200 OK 0 B URL HTTP/2 www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com
IP
GET /jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com HTTP/1.1
Host: www.greatdexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tgrrre.80c62.bl.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 00:29:15 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.greatdexchange.com/jump/next.php?stamat=m%257CNitjI-tjaQdH8AH0dEdHP3xP.98f%252C7H0PozvLiGV-YkDx825CHifo5q1dUZbbxbsNROatJVVe1QXQRD93-m9ULCDi2Lg8fjTFrC1cbMcEO50OGGFNTNteOQ-LkDYafDGPlyxHm9arUD1t_zfsCMNHfh_FBBnr&cbpage=https://www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com&cbur=0.8696681631504652&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Ftgrrre.80c62.bl.wy5532.com%2F
302 Found 0 B URL HTTP/2 www.greatdexchange.com/jump/next.php?stamat=m%257CNitjI-tjaQdH8AH0dEdHP3xP.98f%252C7H0PozvLiGV-YkDx825CHifo5q1dUZbbxbsNROatJVVe1QXQRD93-m9ULCDi2Lg8fjTFrC1cbMcEO50OGGFNTNteOQ-LkDYafDGPlyxHm9arUD1t_zfsCMNHfh_FBBnr&cbpage=https://www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com&cbur=0.8696681631504652&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Ftgrrre.80c62.bl.wy5532.com%2F
IP
GET /jump/next.php?stamat=m%257CNitjI-tjaQdH8AH0dEdHP3xP.98f%252C7H0PozvLiGV-YkDx825CHifo5q1dUZbbxbsNROatJVVe1QXQRD93-m9ULCDi2Lg8fjTFrC1cbMcEO50OGGFNTNteOQ-LkDYafDGPlyxHm9arUD1t_zfsCMNHfh_FBBnr&cbpage=https://www.greatdexchange.com/jump/next.php?r=4152919&sub1=activerevenue&sub2=wy5532.com&cbur=0.8696681631504652&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Ftgrrre.80c62.bl.wy5532.com%2F HTTP/1.1
Host: www.greatdexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Mon, 05 Dec 2022 00:29:16 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://www.greatdexchange.com/script/i.php?stamat=m%257C%252C%252Cg2evYhL6oGU3B0-GH0dEdHP3xP.e01%252CAHkjS7NDlZWLLHmmE0quDj337q0kRz8O4WuElJDI5Pdj957hTo8nYjr1CfbH1y6xhD7tUNIl7FnuTLjo00mhhgu5f9Qtc4BrkBFZPTs2ChGHdR_7YCvJYzUPwfkZtKJJ1XdQeFhVvcbNht3YMHzbOz_1NPnNK6pgrBawmU8SO002R7e_hBulDbRlKq3FxosxpC5sMK06GlT6a926x5hA4fMhg2zqbvy003QhmbPHecobCIv8EAe3qalyuQqS7DKVvOtT-AT1wjFDZDZBvhE9q-MCE3tzTT1oZ5jhJ5nxYstW05NbZ052J73BstK5ymnzrZR0HWTldO1KyRfQndCVt-Lb4P98wqfz3m1rJ_OzcnhKeq_TTNeHJcb9o7b_lFWqxY5Roe0f-5pwmdG7QF7dcpX0V3_mJ5hrxHC3HJVdMrwciZ692SL-qBVH5d7pFtb6hdPLtysRD-Eb28UKutW-kEq8eLbj5V896UcDhSM0g4CBgB-r_eS9fhz_KV0oI78x-QuddB9U9CSC7ERg1cFzsczoDNNZ_LaP7o4ZbSYKyjhUv-71GKXkhYzCnLehuicO0suqNtZsiipuqAkNfxSiOSB5hXePIh8VrS3H2Q82rHI%252C
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
for-j.com/tds3.html?ymid=167020015610000TNOTV415326358024V15&zoneid=5460782&subid=3744083-2405948494-511446505&sourceid=315519420&tt=2
200 OK 0 B URL HTTP/2 for-j.com/tds3.html?ymid=167020015610000TNOTV415326358024V15&zoneid=5460782&subid=3744083-2405948494-511446505&sourceid=315519420&tt=2
IP
GET /tds3.html?ymid=167020015610000TNOTV415326358024V15&zoneid=5460782&subid=3744083-2405948494-511446505&sourceid=315519420&tt=2 HTTP/1.1
Host: for-j.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 00:29:16 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 11:31:57 GMT
cf-cache-status: HIT
age: 67994
expires: Thu, 05 Jan 2023 00:29:16 GMT
cache-control: public, max-age=2678400
vary: Accept-Encoding
server: cloudflare
cf-ray: 7748aaa18bf3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.leovegas.com/set-affiliate-domain-cookie?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362&lobby=livecasino
200 OK 0 B URL HTTP/2 www.leovegas.com/set-affiliate-domain-cookie?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362&lobby=livecasino
IP
GET /set-affiliate-domain-cookie?btag=100665320_42DB2870096B45AA92FA569124EDD74D&rdk=rk3&pid=3748557&bid=13362&lobby=livecasino HTTP/1.1
Host: www.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670199492420)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C2022125018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222738696888%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670199491.1.1.1670200155.0.0.0; _ga=GA1.2.1296370776.1670199491; FPLC=6QlkM4x09wDfN9nCF7ZEpR9A2%2FthqDUWu3afG4iY92VxAvMjk0St55YGfrssRjaG6uDeA%2B%2FqeE2ajLcJEehU%2BoGnr3gw1bxzlM9AK6tld1WUp8nlwQyFzhN4Z3aXLg%3D%3D; FPID=FPID2.2.wmkDWyjIBYnYo%2BTv5S0nmiIaaw371rjvi19ZB%2BLzHUU%3D.1670199491; _hjSessionUser_380080=eyJpZCI6ImNlMTkxNmQwLTRiZDgtNWI2Mi1hY2EwLTRhY2U4N2JmMzJhMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTExOTQsImV4aXN0aW5nIjp0cnVlfQ==; _hjFirstSeen=1; _hjSession_380080=eyJpZCI6Ijg1ZDZjMjZmLTY1NmMtNGEwZS05ZTYyLWFkY2M4YmFhYTNjMyIsImNyZWF0ZWQiOjE2NzAxOTk0OTEyNTcsImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=0; _gid=GA1.2.1977982352.1670199491; leobtag=100665320_9549589D5668430A81E16DC24C4C1424; leonrpid=3748557; leonrbid=13362; leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; visid_incap_846569=IEKN1q1uQKKcOcS6YLeCnMU4jWMAAAAAQUIPAAAAAAAMMv/LikItdaOeBxj/pqaE; _gat_UA-25600410-30=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 00:29:18 GMT
content-type: application/json; charset=utf-8
content-encoding: gzip
set-cookie: leobtag=100665320_42DB2870096B45AA92FA569124EDD74D; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrpid=3748557; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrbid=13362; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrmeta=[{"value":"rk3","key":"rdk"},{"value":"livecasino","key":"lobby"}]; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
nlbi_846569=i2cdO3/t/FQZ2YmsTJV9qQAAAAAOwB5CvxDQCF9e8h9c0nfA; path=/; Domain=.leovegas.com; Secure; SameSite=None
incap_ses_722_846569=B1CpcvVSpTbpPxnsFxAFCl47jWMAAAAAfD2NEYr8kFuZmyxAekw3Qw==; path=/; Domain=.leovegas.com; Secure; SameSite=None
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cdn: Imperva
x-iinfo: 14-106346044-106346047 NNNY CT(1 10 0) RT(1670200158542 34) q(0 0 0 -1) r(1 1) U12
X-Firefox-Spdy: h2
for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
200 OK 0 B URL HTTP/2 for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: for-j.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 00:29:16 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-302c"
vary: Accept-Encoding
server: cloudflare
cf-ray: 7748aaa1cc29b521-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 07 Dec 2022 00:29:16 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
leo-promo-redirect-service.leo-prod-common.lvg-tech.net/_geofetch
200 OK 0 B URL HTTP/2 leo-promo-redirect-service.leo-prod-common.lvg-tech.net/_geofetch
IP
GET /_geofetch HTTP/1.1
Host: leo-promo-redirect-service.leo-prod-common.lvg-tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promo.leovegas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, GET
access-control-max-age: 3600
content-type: application/json
date: Mon, 05 Dec 2022 00:29:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
81.171.22.5
35.160.51.228
23.36.76.242
104.18.9.13
139.45.195.8
34.141.28.239