rouonixon.com/4/4367892/
139.45.197.238 200 OK 8.6 kB IP 139.45.197.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12986)
Hash cda5e8e15a14706c6254822831bf92a7
04a5a9aa47dbba256ad2ccf15618a6ce65fce62d
52fc0422e7a2e5f27e1d2fafec8e793f43aaa3231ac496adf43f718e092a3aae
Analyzer Verdict Alert fortinet Malware
GET /4/4367892/ HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=ca489b8708f44b2c872bc50d5ad36c26; oaidts=1667668086; syncedCookie=true
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Nov 2022 21:51:13 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 5180a8bdabc4978eea2806ec682e1b57
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=ca489b8708f44b2c872bc50d5ad36c26; expires=Sun, 05 Nov 2023 21:51:13 GMT; path=/
oaidts=1667668086; expires=Sun, 05 Nov 2023 21:51:13 GMT; path=/
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8286265a56e3e10efd41b41618a54071
5f10ac9a050e15f5598674dc7ee3865b325d01a8
2da2fa0b2b86ccc4029d0baa4e9c5b21a6433228b84b451b72b1d318561d4ef2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DA2FA0B2B86CCC4029D0BAA4E9C5B21A6433228B84B451B72B1D318561D4EF2"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17842
Expires: Sun, 06 Nov 2022 02:48:35 GMT
Date: Sat, 05 Nov 2022 21:51:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6562
Cache-Control: max-age=134953
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:13 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 11:20:26 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6563
Cache-Control: max-age=134953
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:14 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 11:20:27 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 078950c3ba9ad01927f3da494b1d1de4
443c8a8247e4e3e04c14d21e0227fc4e8f396142
dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD5DD09FEC51669ADF36B3014BBF65D7BFF608F72018D037F9ED9B414675037C"
Last-Modified: Fri, 04 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17777
Expires: Sun, 06 Nov 2022 02:47:31 GMT
Date: Sat, 05 Nov 2022 21:51:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xr73SnowWyx1PU7s6yUZQc8lP5DffMuIIbe+HcYnabfRBVioSutYHCm8fFeujX68IOPbKmGehCg=
x-amz-request-id: QKGCHXNR7PK4K2RB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 21:47:22 GMT
age: 232
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 21:51:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 4410e0283900e769c122cfbcbdbed143
c5588f7f402a41c39405d7459367eadb893fafaf
c9943eb8c4b659d1f5adf76a2d36b70f4ab306c5831b469e07b0fa822056f2b5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 21:51:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 18:25:20 GMT
Expires: Thu, 10 Nov 2022 18:25:19 GMT
Etag: "c5588f7f402a41c39405d7459367eadb893fafaf"
Cache-Control: max-age=419044,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7658cf420fb3b521-OSL
rouonixon.com/?z=4367892&syncedCookie=false&rhd=false
139.45.197.238 302 Found 0 B URL HTTP/1.1 rouonixon.com/?z=4367892&syncedCookie=false&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=4367892&syncedCookie=false&rhd=false HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 443
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=4367892&var=4367892&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=ca489b8708f44b2c872bc50d5ad36c26; oaidts=1667668086; syncedCookie=true
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 05 Nov 2022 21:51:14 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 1b02e5b9147f380593ae2c640f112f6d
Link: <https://entioneryconnium.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://entioneryconnium.com/74c0b0cb-fb1e-4335-b050-38cf0982270d?zoneid=4367892&bannerid=15428234&zonetype={zone_type}&campaignid=6250530&device=desktop&region=03&isp=blix group as&useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=ca489b8708f44b2c872bc50d5ad36c26; expires=Sun, 05 Nov 2023 21:51:14 GMT; path=/
oaidts=1667668086; expires=Sun, 05 Nov 2023 21:51:14 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
my.rtmark.net/img.gif?f=merge&userId=ca489b8708f44b2c872bc50d5ad36c26
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=ca489b8708f44b2c872bc50d5ad36c26
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=ca489b8708f44b2c872bc50d5ad36c26 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/
Cookie: ID=ca489b8708f44b2c872bc50d5ad36c26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 21:51:14 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: http://rouonixon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ca489b8708f44b2c872bc50d5ad36c26; expires=Sun, 05 Nov 2023 21:51:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
entioneryconnium.com/74c0b0cb-fb1e-4335-b050-38cf0982270d?zoneid=4367892&bannerid=15428234&zonetype={zone_type}&campaignid=6250530&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
35.157.125.133 302 Found 0 B URL HTTP/2 entioneryconnium.com/74c0b0cb-fb1e-4335-b050-38cf0982270d?zoneid=4367892&bannerid=15428234&zonetype={zone_type}&campaignid=6250530&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
IP 35.157.125.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /74c0b0cb-fb1e-4335-b050-38cf0982270d?zoneid=4367892&bannerid=15428234&zonetype={zone_type}&campaignid=6250530&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3 HTTP/1.1
Host: entioneryconnium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 74c0b0cb-fb1e-4335-b050-38cf0982270d-v4=UghaGD159PcEIcX6ReBlX7htNtoTJHTGn4O5VcVeJq0; cep-v4=Hq0nCXFRWB7oWGp2uXR3SZsy_7gMlprToGapDpsw5trzX5t0nmCV6bmAxXdDz8D7tvP2c_Vu-X2toNQJ44J6o-eSiGjNfnkbBcaWWPQHbBwZ8k_gKoUj5GaVjZ7QMHgNGHGYD2KhAFiCz7gI3mMyU3tW7Iooihpa7CJegfZF5O1gYLbjrhITUgxHR-SZopaMqugCDLtySZzN8HNFpHjyryUCRtMovS4xzNeoDxXHyNsLq4UFycQgNtnBOJfY2wsupIytnaJsFcUM7v6ZQ426qVdpioY00WvNBsDOmvCaIbxCRIMYenm8q0xW24JC8nro3Jd_5TOdjAN0m3OPCliv2eSsE1EsxuW93L35U0CuJsyNqezrDuMjeUxsmVckp4S5XIQgzxldYQIrFwMae_MM6pcJwybK4fXHAVoFiAkAh9S-Sr-0v_FuPKc6R1g9tYu9wZyv4jdb-NwBe2hzC8y3_BhUVRmvBrHREljNPrMoGCXYOMLwwtJe5QEhpOiNUixkwbXzAyUmnSu-gW8FnPnkri3aB88LD_a8eLCRF1na5oxj52QJDswyhKactZmnyy_bN0-ricTrTjbJyeF5wOxGKyfXzXd_7u7MuSvjm2b-Ju16apOkel3Hx5ZVu1zPRhF6xEL8agm0eGsUbentY0YWp0KaOkRJjboO-6ODRy5SXZM63wP9gCDfi_NIzt_u0aCvlbHwdeJya8gdMd4eH3NY7B3W-VxT0ypDPWBmybNMGDooiWJLYTcmzCDXsxXjKrv3I8QKWKgpg-3TRWRfEmsbhjJ4UpWb5RkUFPlV8henoKeXQu9KjuHrAK3aOImv4xjKJc-Dcx0onSps1pxO6sgONmZEnhzMJaVu3k4fluGGPOPftbb-aNVucze3nsPa6JvYIhuNZjqgRoQQISHW8Wjps4DK1UGm0eux9ICjvKrbKVI46IBMRoW2_3fj8GmubALCyvD6vRM3q02m_-L4tWW7bqJHyqJI_46ynWls-S-zT_WlHmYtXMOy8Id745Diu--FnmXXWVdWJowESfOypmgWSiIBe9NXF9J9tvHUXQy5VJwgfj8XD1yc10L24oGxEhlbdb8ro4VvTRJk6WN_-ZBBZ7wJo1uN5bVdiPFCWVWC3-AMb-hYtoE9pVvVm5gB7_U3_iaY1KTKf4bsG5J_HvDNm_Z_-7fmesv0Yui1l8K2fX0fsNZ8qheBgbDY_L8lMA7f6arbnbt2Hnu84DH4GFV3xVxR3fw1VFCwuTks9BURwzE; fcf5216c-900c-432c-8f7e-06f9719b0174-v4=DCoc58F6gF2-qaZrLH8RPgqlu05-C-rkGbrtcy3DSgU
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 05 Nov 2022 21:51:14 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://casinonorgeonline.com/?cep=JyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI&lptoken=168667cd683b68297414&zoneid=4367892&bannerid=15428234&zonetype=%7Bzone_type%7D&campaignid=6250530&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
pragma: no-cache
set-cookie: 74c0b0cb-fb1e-4335-b050-38cf0982270d-v4=3tawVgkQL4De94mz4NjU52UFAOu5XfEZ-NPavcv9A2Y; Max-Age=86400; Expires=Sun, 06-Nov-2022 21:51:14 GMT; Domain=entioneryconnium.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=rt0cNRFeh3E_pthj0VpJnUKzsalTrLX5LCqn8mHB2AkqqmRBkpn2REr5OF_fYkz6BYJrJWZqQF5j4TsaMBPbwhO0dqXUGawA578jb_omh1DFiycp1fPG23YWeSZmIzZ9POJdagkxlaTeHAwdNIQE0BB3fy1gCrc4k2gviOM-Yd1tMSou-cRlPszMVNvbMU3QY0w4HMjeN2YLy_z4oVIsYcCBfsQcWkF2U_wTsOR9kwc8dMaTDVgiFs6pT-XP-HrYJP45eZoEcKnOtUroDcDGZA0OvskP_dLlaUbmRpk9vE3PO510uyWrftEzPyka5rW7MQ75pewUD9YpU1RTGMmRr3TlHQITkY5rF0whVg3xmxnWHHkz49VHkR_mT6OXO11jDXfthNMZzH5Q-1fq1OkBv07vYBFCX1tOIkRYuylB5JE4B1V3gQoc2FLZufamGG5Opfg-mIF0hyyktyjLqgF5WZtIoQNI7pGAi5wC78kLltuqunzUExTMCw20S5a3Q4F4HLJ2MMCeejOaA3QIP-VCICReAjurWPPsSw5Cm_RRjmvPCutZD69rjTsFXN0LLCPjpGTCQnodkB7Ofdi9Q6rZvyKBeWDMP4a0bMfNgmD2CXS535GPoWqm2-FC6B7vntkcQPeyz4DCXRUL0gUAwa9ugem66w2qffIhtQnbgpSEB7-eMJGUCfcDsW-aACUbgSYcCx2BfgEM7JeEliUqCJRk5V75zZDIoNk2JaXsVLEzzQ2Vx62RKItEYscwekCRDwhUdr_uE09tXB7f0lqRJo41ieWP72aFVFdpHd4fvt19YSSbESZcm7QGHKyjaV1Y8sg5TENBh9PxTHvK1NKsot4UdakdsBPfu1N4HsySLBysbDFvEa0uczP_Povwddv5S2XXB8XExuxsrMLF4psGKBaPbavBjjfr3MMdPV_felKU_HILa0e1SWIp-vcGCn7dJxPWXadn94v0OiTjAwL2daqd2qNw2snksFCYZmeWNd48k1FO2PM3gAKqM_PTIPZuKOKwyddfPVceUbR_yZtxAHQ3Ko97oLvRaVOEwMc0Y2lwBflNbu_nmwsacin6uRmtAMCO7ABKl-zd6uouv6yVpjNOS904P4p_7B-oibYp194wxl2npb85dMUf4hNbL38zsYnw07GQ-B93Zq89qAkGD1coaWFhseVCuV9icHSml8w967tKKAfUAtqkJT7sTOzZkrarDSzIxGDnUQNluBhlxGwo21PmlVV2ojRD5Zxlp8C4qpM; Max-Age=86400; Expires=Sun, 06-Nov-2022 21:51:14 GMT; Domain=entioneryconnium.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash bc402cb471252b9d218108f0268adf81
02e9a9c9d36044245a09dbef75fa3b5d91756c86
263bf6aad8b0b393b346681d8629093e347ac88dfeb03ed46018f3a0885a0a0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 21:51:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 16:52:37 GMT
Expires: Thu, 10 Nov 2022 16:52:36 GMT
Etag: "02e9a9c9d36044245a09dbef75fa3b5d91756c86"
Cache-Control: max-age=413481,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7658cf4308b5b521-OSL
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7dd4c27daa3c8fd551b6bb2860951fe1
2769c30952479c40296c0eb1cf31e5c9ea817cb8
5026c38c390c03dbf31bad0b2653d29ba669c6bec753372c376fad5e7aa9bc31
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5026C38C390C03DBF31BAD0B2653D29BA669C6BEC753372C376FAD5E7AA9BC31"
Last-Modified: Sat, 05 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9557
Expires: Sun, 06 Nov 2022 00:30:31 GMT
Date: Sat, 05 Nov 2022 21:51:14 GMT
Connection: keep-alive
datatechone.com/log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314
139.45.195.253 200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 938
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 05 Nov 2022 21:51:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
rouonixon.com/favicon.ico
139.45.197.238 204 No Content 0 B URL HTTP/1.1 rouonixon.com/favicon.ico
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=4367892&var=4367892&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=ca489b8708f44b2c872bc50d5ad36c26; oaidts=1667668086; syncedCookie=true
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 05 Nov 2022 21:51:14 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7dd4c27daa3c8fd551b6bb2860951fe1
2769c30952479c40296c0eb1cf31e5c9ea817cb8
5026c38c390c03dbf31bad0b2653d29ba669c6bec753372c376fad5e7aa9bc31
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5026C38C390C03DBF31BAD0B2653D29BA669C6BEC753372C376FAD5E7AA9BC31"
Last-Modified: Sat, 05 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9557
Expires: Sun, 06 Nov 2022 00:30:31 GMT
Date: Sat, 05 Nov 2022 21:51:14 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14 200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 21:51:14 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 278618
expires: Thu, 26 Oct 2023 21:51:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyOxx%2BSBGyTPy3fPGLKKCfTK200vB9tmHuvZQGMiuwrsZz1oXRCGb04oCVkHlGAbnZEelajSxTlpHlrB%2F00Zah2SgoNSzdRbNjlJGOxCy8coFJapHnT2VzAE2j5jFJ9s7q3xE%2Fmm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7658cf45cb6eb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 2.8 kB IP 142.250.74.35:0
Hash d17ef8b9b5670a71eb8fbbeb4395aac4
1ae94e97e2639dfea5dd655ee22dbddf6c82a063
1930debdd865fed30c1394b11981e6f002f23af875b9ae632767eabc7128dff0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 2.2 kB IP 93.184.220.29:0
Hash 4c5d1e8f95060574329677350348a2d2
7c88e0b7a88c328ca833f754c938d379acd9e19c
f6a6e4806bf0449bc6b4682137b4e8838dbcf7d3627e45bd616684a09a62eb07
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3496
Cache-Control: max-age=126829
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:14 GMT
Etag: "63661997-1d7"
Expires: Mon, 07 Nov 2022 09:05:03 GMT
Last-Modified: Sat, 05 Nov 2022 08:06:47 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188 200 OK 1.1 kB IP 172.64.155.188:0
Hash fb96eb29c9afda0fa3e325abd496efca
27f90695d47d4d3ab66358e888d0c3b1c5ab2050
cf93072185706d2054cee49c92fd14b1e890d9ffad7b390628201bebad1e648e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 21:51:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 18:25:20 GMT
Expires: Thu, 10 Nov 2022 18:25:19 GMT
Etag: "c5588f7f402a41c39405d7459367eadb893fafaf"
Cache-Control: max-age=419044,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7658cf464c77b521-OSL
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 3ebbd65a2bdd5c6f3dea5a6b99b25f0d
484be27b25b736a7e7e2b1d5ef9760aecdcec01b
5616e6c097b0b7680eeee193b58950faa38c9792e8793c16c315e2554a34cdd1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.rtmark.net/p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1
IP 139.45.195.8:0
Hash 376444d037abbbd9402240f8c222c97d
5ec45f563af8c2debca757decd4e1990557b2e62
e3b4c75f6fdacc921d8fa7ef1d0b8b4c0422c23558af7f5a82e7ec819dbe671c
GET /p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Cookie: ID=083be3f72a104cad82895799219e3ff2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 21:51:14 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 2.0 kB IP 142.250.74.35:0
Hash 7862810718adf50d67c4f4e7699ec3df
2428ed9c3b24f23df97567ab77d73cef891c964a
9d4b1dbe853ecdc732c2c8572ce2789c0e26f6399fff49de5990240c07b06375
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap
142.250.74.10 200 OK 1.4 kB URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap
IP 142.250.74.10:0
Hash c8a5b29e7c515fe25ef601520130bec9
248482b7983a7ca5f515755fbcca071981fdc8e5
3ad77bf0af6fba2d4da9ac13cd156c01342b56e08e0dbe72c0ba7832b338b001
GET /css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 05 Nov 2022 21:51:14 GMT
date: Sat, 05 Nov 2022 21:51:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e13e65ad7f6f12300b12d6cd6936d621
575faf606b5c5e39e0fbbef59998bcd3625aa141
10787f99c02b63d52b9b74fcec9497108d67c56c4a9436e0e3c9a7129d727dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
216.58.207.195 200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 14:43:52 GMT
expires: Wed, 01 Nov 2023 14:43:52 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
age: 371243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.195 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:30:59 GMT
expires: Thu, 02 Nov 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 267616
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.195 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 21:48:50 GMT
expires: Thu, 02 Nov 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 259345
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.195 200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 37924, version 1.0\012- data
Hash e08be6d5d433944f7ad52902e4d24db5
e2600c1d60d12d397b3ee44411a021231d71e974
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 06:03:56 GMT
expires: Fri, 03 Nov 2023 06:03:56 GMT
cache-control: public, max-age=31536000
age: 229639
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-MCSZ5HF
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MCSZ5HF
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash d0326e77c9be1cf9ff0bd7066d0cc0bd
b5d455a96c83cb1b93fb1e350a65ecb286c04c6f
600b70ceb8884b7b95bfb6f90c91db3a3d8e6d60e5510e81b27097a26bda3074
GET /gtm.js?id=GTM-MCSZ5HF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 05 Nov 2022 21:51:15 GMT
expires: Sat, 05 Nov 2022 21:51:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 05 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45201
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e13e65ad7f6f12300b12d6cd6936d621
575faf606b5c5e39e0fbbef59998bcd3625aa141
10787f99c02b63d52b9b74fcec9497108d67c56c4a9436e0e3c9a7129d727dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.89.217.163 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9V58KDJYXc83U2qLrFISKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pXobZ2+QFXu3eS4eTFHiBCGLyv0=
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 05 Nov 2022 20:41:09 GMT
expires: Sat, 05 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 4206
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=940905382.1667668087&jid=753820744&gjid=1933317312&_gid=937246882.1667668087&_u=QACAAEAAAAAAACAAI~&z=1803319668
64.233.165.156 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=940905382.1667668087&jid=753820744&gjid=1933317312&_gid=937246882.1667668087&_u=QACAAEAAAAAAACAAI~&z=1803319668
IP 64.233.165.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=940905382.1667668087&jid=753820744&gjid=1933317312&_gid=937246882.1667668087&_u=QACAAEAAAAAAACAAI~&z=1803319668 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://casinonorgeonline.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 05 Nov 2022 21:51:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Cookie: ID=083be3f72a104cad82895799219e3ff2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 21:51:15 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=083be3f72a104cad82895799219e3ff2; expires=Sun, 05 Nov 2023 21:51:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 21:51:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18619
Expires: Sun, 06 Nov 2022 03:01:35 GMT
Date: Sat, 05 Nov 2022 21:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18619
Expires: Sun, 06 Nov 2022 03:01:35 GMT
Date: Sat, 05 Nov 2022 21:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18619
Expires: Sun, 06 Nov 2022 03:01:35 GMT
Date: Sat, 05 Nov 2022 21:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18619
Expires: Sun, 06 Nov 2022 03:01:35 GMT
Date: Sat, 05 Nov 2022 21:51:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18619
Expires: Sun, 06 Nov 2022 03:01:35 GMT
Date: Sat, 05 Nov 2022 21:51:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f58211ba5351479df022215cd16ecd2
f54589d1eb5771befaef24a6299a6719c4353e97
8feccd5bce6e772e178ccdd2a1d084407d65bb82474d943b01efc0d5b660bdec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4812
x-amzn-requestid: e2bfc209-f109-4c05-a7ad-52b5bd138610
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a2ZK9HBWoAMFqPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f3bdf-6ac70df57b5a16d66e16dcdd;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 03:07:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KI7lYyLdzGvaKGQoblTwc15JiuoSh3uVi_B_JBCSMg_BaTrhlLHl5A==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 08:27:01 GMT
age: 48255
etag: "f54589d1eb5771befaef24a6299a6719c4353e97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a3b1551512640bb8f5e7deb80c32272
75805b9f03aef14cfad025259936ae5f217d25ca
5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7783
x-amzn-requestid: ab7cc6ee-976d-41a4-b5da-0aefd5cb6246
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEJnzH15oAMFlwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bc98-68f910b60bd5ecaf2947c59a;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:17:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JnvKcym5f71Ra_ZHzkTXnU7Fa3D5zBFK9JFKXA_A3G98jN9r3Jikyw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 08:24:07 GMT
age: 48429
etag: "75805b9f03aef14cfad025259936ae5f217d25ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 06:27:59 GMT
age: 55397
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7c9c908e891e7277f21a914fea9aa25
596c3c084ae3d850a5dc28e549b4e22f2b8cc71f
709c217b3ac09712d2af4366316c8977b1a4e2a73f887b3e30f10df1ed50bacd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9150
x-amzn-requestid: 7c179507-20a7-4fa3-993b-f79b3e7949ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apwiGHD_IAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2e0d-337623ce79dc53c864632c72;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:06:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CKSa8_W-V5Rf8od3FFPgvBmlfXcqaYotYT5u6Gm8UvmXECcAzfAGoA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 14:36:54 GMT
age: 26062
etag: "596c3c084ae3d850a5dc28e549b4e22f2b8cc71f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:52:32 GMT
age: 86324
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eaf06d0fb99703abfd57b962eb21ce96
ce73b0ad22139bec863ed990e3d3af4bdc3df288
a226250245611193be882c92f2d9920cb6ceeb12823b48c0b9c8fa2aba1c8c0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6909
x-amzn-requestid: 7c500c29-f514-491c-b2fe-a732a546925f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: awWpEEYHoAMFWdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635cd16d-6d9c4c5c41f4fcd16cabda59;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lOCFTDiIxZDBzypATpujFz2hjWPabqjokrpq1-5An86y5lZLG5xHxQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 07:40:21 GMT
age: 51055
etag: "ce73b0ad22139bec863ed990e3d3af4bdc3df288"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
casinonorgeonline.com/?cep=JyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI&lptoken=168667cd683b68297414&zoneid=4367892&bannerid=15428234&zonetype=%7Bzone_type%7D&campaignid=6250530&device=desktop&region=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
104.21.18.31 200 OK 0 B URL HTTP/2 casinonorgeonline.com/?cep=JyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI&lptoken=168667cd683b68297414&zoneid=4367892&bannerid=15428234&zonetype=%7Bzone_type%7D&campaignid=6250530&device=desktop&region=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3
IP 104.21.18.31:0
GET /?cep=JyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI&lptoken=168667cd683b68297414&zoneid=4367892&bannerid=15428234&zonetype=%7Bzone_type%7D&campaignid=6250530&device=desktop&region=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.000496&visitor_id=612878221515698951&rdk=rk3 HTTP/1.1
Host: casinonorgeonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.940905382.1667668087; _gid=GA1.2.937246882.1667668087
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 21:51:14 GMT
content-type: text/html
last-modified: Sat, 05 Nov 2022 01:33:00 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lWzATNvchkBwjgl3dbF0L1UZap7soc5tmyfP4lvk4CWwN4S0OgPTdOj2iUT8gIkFL5qKOdSe9aix0X1q6hFgxtgamB4sQk4mViqNOkX83l3i2rYQWFe8WuKp59%2F2vBr9S3xcMFUVUU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7658cf43ad3eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
entioneryconnium.com/d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667685073512
35.157.125.133 200 OK 0 B URL HTTP/2 entioneryconnium.com/d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667685073512
IP 35.157.125.133:0
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DJyINM7E7efVHIUB9-9P09X_n6ope-Uf7tFye0PvooVaXrGgMaPzFfnSYRNBv253SNNkjhFc0JL7JT9jDcjlFz64kHBtb3L8lIoKLvAPbQie2IXpmWcmWSA7u7T2T1d2LiaHK73LlqmHAqaqfYZNJVdwAKajdyXtThne_Hm88miiePgNYbgv7v_dVkBaw-MGUNw0NZe_VEHrgr02PwlBCy--7qqvX7BTxChGV7PrAaAgrBycjNtEYvbqfRtt0AwFY3TqiT0Eebqj0m_jjHPvNexCA8VXMbdnpbhrlv8P45zkiGs_vl_xb0FExlKSLLa9oeEH6u7u9-N3F6Umla2CBjIApMNcmwM5ahRYqpNuzGE71FizPeQ_QQhBE4qAQ07QJ6fNt9jT-1UPtjmIGCYnA3vj-kE0GUUYpADdkdDYg2GIZgnWbKaLq5zW79dYXRoK3__8IrAyx2lLQm_AxxigQIXq2hLyu9XjNoB3cEnNJcQEJBd1PzD3PVczzc03jMk2L3APKoWjs2LqIWYQpC37D__QT5CHWYmNl1rmbYjST_GiN1NeXEP4ogN93S4CaQyda6Un0gBSF5FPKn7jYvCeavD5fIoXdKS3t3l0GYxuWzgUY2rFBGgnbZovpQmYe_nGce2j7sQp6HexBdkqxIhNzywN2B9HvwEpoKyaeD_sTN-OkN9v9EAtie4qeGj-ebDq3i-QaMZ1dtLUss6l0FoUtAFirFeMpTZUJkl_rE7WwnOIiClzN-3xcTliAQyltp_grkrHAfhYI1lzbmARElPahorX_984e3ortMfqCyw1MfjzykVGwCCuoUVhNKLJZmzkAn6Um242kD6CLfLXQaUIugED7hTeU0KNLMvzl_Q6xKJZSkKxkmT7uTJwWkbSA0R8lEKx1yADKpGVmV74PGCBm-1hw0zgy4nQCP0XNJUTRANNIwxWXcEwIvdbXL7tdwhNX-Gy81gO4J00eNlJ-0O50X4Ifr41G70kQUEiejRQcK5F42FC2R22wRXX4EE0lk8LIKoSryoIJ8R9PTS5xPrabVDFKpHwwAeYdS6kYAXGUpsw8cDOhjq1lgT7zr2XN8-eNO1762LdJ22m6bcq_JDQmh9pRqbh7C9l0hCK7BRYmaLDKYopA1dBZnVKvd6mADTlCI2600WK1GjBMqnstTeE8mKq4tALD5FoXgySeCcH5VX2wtaNvpTkCSN2e82EZkkEwLsNxct6KKc9uQXOOB2WuG08NLXINXJT57jey1dIHJyI%26lptoken%3D168667cd683b68297414%26zoneid%3D4367892%26bannerid%3D15428234%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6250530%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.000496%26visitor_id%3D612878221515698951%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667685073512 HTTP/1.1
Host: entioneryconnium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 21:51:15 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP 142.250.74.10:0
GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 05 Nov 2022 21:51:14 GMT
date: Sat, 05 Nov 2022 21:51:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2