www.cmjdj2smns.com/5LMHK7/2F8LBL/
34.107.199.247302 Found 224 B URL HTTP/1.1 www.cmjdj2smns.com/5LMHK7/2F8LBL/
IP 34.107.199.247:0
File type HTML document, ASCII text
Hash 98dc5549f8849bd0dd9c96b96666f83f
6730ebc5889cf20410c63fb8e05591165afe2960
861ea3a99c3c7e7696eda0cee29372f1deb84715855ff421199c6b69b9a7e0fe
GET /5LMHK7/2F8LBL/ HTTP/1.1
Host: www.cmjdj2smns.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-type: text/html; charset=utf-8
content-length: 224
location: https://www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
set-cookie: uniqueClick_2F8LBL=665313c1-982d-46b5-ada0-87b3c3bbb490:1670221275; Path=/; Expires=Mon, 19 Dec 2022 06:21:15 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 3a78fbfd-f98e-41e1-8891-fd694ffce91b
Via: 1.1 google
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15523
Expires: Mon, 05 Dec 2022 10:39:58 GMT
Date: Mon, 05 Dec 2022 06:21:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3562
Cache-Control: max-age=104964
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:15 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:30:39 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 06:20:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 62
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16191
Expires: Mon, 05 Dec 2022 10:51:06 GMT
Date: Mon, 05 Dec 2022 06:21:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XXHcMdWD3ynbXXEGD7a+wljiEwZIb7O5bQe0ghNs0sGD0onVRc+AWSg3K5TMJxzG+z8HjvV7I0M=
x-amz-request-id: MX95V69M17N77ZNW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 05:47:17 GMT
age: 2038
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 6c4f116df5d22b61833802de4b7bc3d8
4d1362830a44e7de062fe236f92c65cd3d76acb4
cf7cfab985aa2c89eb86afd91488528ff1a60d9f502fa69e345ded08c55f8b90
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 06:21:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:45:40 GMT
Expires: Mon, 05 Dec 2022 18:45:40 GMT
ETag: "4d1362830a44e7de062fe236f92c65cd3d76acb4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
34.107.199.247302 Found 57 B URL HTTP/2 www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
IP 34.107.199.247:0
File type HTML document, ASCII text
Hash fac34a702735ac79294c0ff2645951dc
bb025946516e373af1fb36abe2e300af88fda6be
a4cbd7e80e4d2c050331282c60cd52fb8af96d7f86f71c61a0da55d6d1a4e9f6
GET /5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
Host: www.c9ikptk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-type: text/html; charset=utf-8
content-length: 57
location: http://p.npcad.com/go/89517/482729
set-cookie: uniqueClick_BP658=5ff85607-5cac-4aea-9b4a-c22ef9608efc:1670221275; Path=/; Expires=Mon, 12 Dec 2022 06:21:15 GMT; Secure; SameSite=None
transaction_id=1ec949192ed44f81aef6a5975ca0a0df; Path=/; Expires=Sun, 05 Mar 2023 06:21:15 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 73298b44-708b-4c05-96cf-3bd95036aa72
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 06:08:58 GMT
cache-control: public,max-age=3600
age: 737
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3547
Cache-Control: max-age=99882
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:16 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:05:58 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
p.npcad.com/go/89517/482729
3.228.63.1200 OK 271 B URL HTTP/1.1 p.npcad.com/go/89517/482729
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash 4a19fe4a9077000c1478b64d9c72d090
cbcaca2e9894ac2dc83519d9a1ac2ac7abab29fe
04210260741006318f6b6f62cc5827aa81273385a54df7517a3e5ad4915d3acc
Analyzer Verdict Alert fortinet Phishing
GET /go/89517/482729 HTTP/1.1
Host: p.npcad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Dec 2022 06:21:16 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 271
Connection: keep-alive
push.services.mozilla.com/
54.148.84.125101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.84.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D41LfJM056UKviBkAcmOyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wCiUU3aMDx0k6U9fbg3rwVBBX8U=
p.npcad.com/ad/ad?p=89517&w=482729&t=7013e34c5dda52ec&r=&vw=1280&vh=0
3.228.63.1303 See Other 0 B URL HTTP/1.1 p.npcad.com/ad/ad?p=89517&w=482729&t=7013e34c5dda52ec&r=&vw=1280&vh=0
IP 3.228.63.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=89517&w=482729&t=7013e34c5dda52ec&r=&vw=1280&vh=0 HTTP/1.1
Host: p.npcad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://p.npcad.com/go/89517/482729
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Mon, 05 Dec 2022 06:21:16 GMT
Location: http://xml.poprtb.pro/click?i=qQpvL3yuk3g_0#pc224398
Server: nginx
Content-Length: 0
Connection: keep-alive
xml.poprtb.pro/click?i=qQpvL3yuk3g_0
174.137.133.18302 Found 0 B URL HTTP/1.1 xml.poprtb.pro/click?i=qQpvL3yuk3g_0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=qQpvL3yuk3g_0 HTTP/1.1
Host: xml.poprtb.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Pragma: no-cache
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8e6f84dff61fedd8ff9baa9bb648883
f8d5cc7b315879b66a11b403463da1330617d2fa
025c66a4a0e7927353e1733d7f8cfb6ec3c9c0228d34267cbff11f09cf112127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12348
x-amzn-requestid: 72f681ef-9ae7-4fc5-8539-230e1d4277a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKa_HpTIAMFrcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abddf-43ef45165fd982997e5018c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:09:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGsNaADKr1KoJT7rxDSFf8dxM1_IXsaF67Eqe8DIO9PAJy8HtqQKng==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 04:17:03 GMT
age: 7454
etag: "f8d5cc7b315879b66a11b403463da1330617d2fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vhtd0Bo5kTQySEn0vD_RJin0usoC7GQvK74fhVtrtZNEy64_vrWQNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 30931
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 29896
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c36448c65274ebbe1eb21e3bf02385e
e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28
6f17788a394f1305755805a1b92117b1c1a03a1e3a075cb97a0da5184d574553
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: ae2ec151-d383-4554-9ac2-3d204701251c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ttFDKoAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1324-15aebb1a06253068472a6ab0;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kYXmy10msfeWdDYgvq0PXyGpy9UJyQkSLAhR_Q5PQMllJPXOOTnalw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:53 GMT
age: 30924
etag: "e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50eeb012f0903f0848c8afcd6b26a7ec
ff7740d3c12ce7ab23291272221c0d9503f9c139
f4aeac45941c34d8e0794d20a4bb2658b020fed85c5059f247844f2755bc9d72
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7631
x-amzn-requestid: 9fc3a621-dcd9-4332-b085-6cda0cb25ac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUYF2toAMFVkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-36f6c7d67940ed18394328c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dl8jhq0YETppiEYYnJeap1IgU8-xFLAUnsleTdG1EZMwZfHmDaQQQg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:25:28 GMT
age: 10549
etag: "ff7740d3c12ce7ab23291272221c0d9503f9c139"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0402b0c3474a5bd3b1ba804528b64a8
2d47af0fb664d9fec52549bb3bdba1dfd8911bb2
7f87af77663b8bf22211e135554ada8865cdcf6499e9fcf0f3442b10ca3984e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5276
x-amzn-requestid: d337310e-59be-4268-bfd0-8cc4f2c91a11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_soE98IAMF0aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-230591591f8fd0984c222549;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x7xrn7E3aUdw75Br3B_GcqRhg-i5FcqG2NRMo4Pa5VhqjblbsvcgDg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 30782
etag: "2d47af0fb664d9fec52549bb3bdba1dfd8911bb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 387f33eb66c3b7f1eee293ab492bf85c
94d087d77680fa68297282369a90e213ff553a71
17d3214da9fea9561fd27a58c0faec65f3eef457ba19b64ec231ba42edef8ccd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17D3214DA9FEA9561FD27A58C0FAEC65F3EEF457BA19B64EC231BA42EDEF8CCD"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19101
Expires: Mon, 05 Dec 2022 11:39:38 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 6c4f116df5d22b61833802de4b7bc3d8
4d1362830a44e7de062fe236f92c65cd3d76acb4
cf7cfab985aa2c89eb86afd91488528ff1a60d9f502fa69e345ded08c55f8b90
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 06:21:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:45:40 GMT
Expires: Mon, 05 Dec 2022 18:45:40 GMT
ETag: "4d1362830a44e7de062fe236f92c65cd3d76acb4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
38.100.129.136200 OK 2.1 kB URL HTTP/2 us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
IP 38.100.129.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1bd40e0b9b6337dcf733dff332125f78
ab4d87daa4b7e1405fc7027b239bb66f09c82f1a
bbbb083c9a63f397e636e99ad342d0863df5d5de7293707a82ea4e59de0c6801
GET /postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:17 GMT
content-type: text/html;charset=UTF-8
content-length: 2101
X-Firefox-Spdy: h2
us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d&token=ae25410e809a9c53853af30e94e5b1f8&timezone=0&iframe_test=false&webdriver_test=false
38.100.129.136302 Found 0 B URL HTTP/2 us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d&token=ae25410e809a9c53853af30e94e5b1f8&timezone=0&iframe_test=false&webdriver_test=false
IP 38.100.129.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d&token=ae25410e809a9c53853af30e94e5b1f8&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:18 GMT
content-length: 0
set-cookie: platform_user_id=desktop:b9ce734ea0955fdbdaef46d4d37c6039
platform_user_id_3rd_party=desktop:b9ce734ea0955fdbdaef46d4d37c6039; SameSite=None; Secure; Max-Age=31556952
location: https://track.trackingtraffo.com/push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE
X-Firefox-Spdy: h2
us.doctorpost.net/favicon.ico
38.100.129.136200 OK 0 B URL HTTP/2 us.doctorpost.net/favicon.ico
IP 38.100.129.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:18 GMT
content-type: text/html;charset=UTF-8
content-length: 0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6f893b514649109a95e0a5a296c9d21f
cdcf062ccd27731f447c794459fb283d185dd2da
8ae5c6a97e5ca5051bee79bde5348ed85c2304e3f9cf6c431bea1458f6317d06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 06:21:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=538399,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae4e3c85b505-OSL
track.trackingtraffo.com/push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://newbinotracs.com/click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage
media.playamopartners.com/redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
23.36.79.25307 Temporary Redirect 0 B URL HTTP/2 media.playamopartners.com/redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1
Host: media.playamopartners.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://natregs.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 05 Dec 2022 06:21:19 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 05 Dec 2022 06:21:19 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a180698%2c%22BID%22%3a2036%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670221279095)%5c%2f%22%2c%22CookieTag%22%3a%222036180698451240919C2022125621%22%7d%5d; SameSite=None;; domain=.playamopartners.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22935266510%7c1%22%7d%5d; domain=.playamopartners.com; expires=Wed, 05-Dec-3021 06:21:19 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=35
X-Firefox-Spdy: h2
natregs.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
104.26.3.89302 Found 279 B URL HTTP/2 natregs.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
IP 104.26.3.89:0
Hash 4e6c3003c21f05f32c7646a23759712a
a5950f64cdc0be4d116273e32cbab4a38ef66a3b
b2a7f91d3baf4ac0e4abf08076dd4e57bd098deedb5953b207523f34d4893b88
GET /promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1
Host: natregs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Dec 2022 06:21:19 GMT
content-type: text/html; charset=UTF-8
location: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5jl6XUpiIewZLCBP%2FDczWCfyf%2BuAL%2BWuAlthn3M%2FJVdu51ca89k0GXmgg9CHiajyhpBImUNHEAwp%2BVT5eim8j9zwUHMPkw5IP4I5wptbhCtqS4vJYTuLRwViuwS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5318131c12-OSL
X-Firefox-Spdy: h2
nationalcasino.com/images/nationalcasino/to-free-spins.png
104.26.6.72200 OK 82 kB URL HTTP/2 nationalcasino.com/images/nationalcasino/to-free-spins.png
IP 104.26.6.72:0
File type PNG image data, 229 x 252, 8-bit/color RGBA, non-interlaced\012- data
Hash e0be4af2aacbf64c71ee26fc8b66725a
45cf83451434c81703c2afb6504f9875b86465ce
21cc5a719c7133bcf4af5d5cc1d34ae3dfb39cbe56a84796ed4a5ec013f08961
GET /images/nationalcasino/to-free-spins.png HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: image/png
content-length: 81509
last-modified: Tue, 29 Nov 2022 08:47:00 GMT
etag: "6385c704-13e65"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtYp%2BLRvMZgI9BPgYNyOrwlJH4LIm3KkjvXIbr%2BW38g0BQcMJIRjb5Q6kgfG4FE6c6T%2F1Pm6XYDGxULtWD4aqdAA%2FAQDtYvmBpThAs5pbv2b5sslrJIfsZYQW%2FBp%2FgPV4TSM1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7eb4f1-OSL
X-Firefox-Spdy: h2
nationalcasino.com/images/nationalcasino/to-second-deposit.png
104.26.6.72200 OK 70 kB URL HTTP/2 nationalcasino.com/images/nationalcasino/to-second-deposit.png
IP 104.26.6.72:0
File type PNG image data, 229 x 252, 8-bit/color RGBA, non-interlaced\012- data
Hash b718e1f10040c23b73f9e134b195596b
4949443c575ad1f39ece00361f798a3b4d4ccf43
dfd48f8f478eea34526e35d0d582d5055a28b4e5b54c31196957f178cc28293c
GET /images/nationalcasino/to-second-deposit.png HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: image/png
content-length: 69995
last-modified: Tue, 29 Nov 2022 08:47:01 GMT
etag: "6385c705-1116b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OhfCghzi88mYMoMhNg8LgWOk%2BTjbS%2BAxPP9oSzvMV3Hljbq%2FTL04RKhDxCG2amFOt9TfnaW3oRq13hagQfBGWASsYhG6tL1y5t2uCER3xZZnj1dWIiVMn3fquhKelqGpmhdjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d82b4f1-OSL
X-Firefox-Spdy: h2
nationalcasino.com/images/nationalcasino/hexagon.svg
104.26.6.72200 OK 727 B URL HTTP/2 nationalcasino.com/images/nationalcasino/hexagon.svg
IP 104.26.6.72:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash afa38dbcf0664cdd5cb0e9c701069dda
161e72c10210ed4d76268ee958919d7c70515a15
cad932d91e2b4fc8f025acbda3e29329581f59bec4dcb048297c455da32034a8
GET /images/nationalcasino/hexagon.svg HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 08:46:55 GMT
etag: W/"6385c6ff-3ab"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V39UJMn3HmuErrbbe5q6%2Fub0gRD%2FeJIHTb4DeVByoYtCsfsNeNOVriKyXpKg5zM%2F%2FXB0rO1fczm3nQ1JOnu%2Fb2hn1oduVmWqRngHhcPwkK40xCzTMMb2b4POSBNKTZHMJ4IMpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7cb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 45e5b716bec6d3adbb136b2301f6b4dc
e9ca5b785dbdd8bc67f0d4f0330e415350509553
0227da719eca50edd15043e1d48b7fa785ff7ab39f5b476bb4a43781b4c4aed0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:21 GMT
Last-Modified: Mon, 05 Dec 2022 05:39:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
nationalcasino.com/images/nationalcasino/hexagon-active.svg
104.26.6.72200 OK 1.0 kB URL HTTP/2 nationalcasino.com/images/nationalcasino/hexagon-active.svg
IP 104.26.6.72:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 207052c0e33283200bfd095c286efd1d
f9d73e35069efdf12194bf959aa98b27c96e78fe
f1a2b58abaa880a02c7986b401b41668918f18102a95fab04069f905c16adefc
GET /images/nationalcasino/hexagon-active.svg HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 08:46:56 GMT
etag: W/"6385c700-4a0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XcPfm4wUQhs9m1cutZ13tK%2BwEVJ83VSenoKaNn0ONMgcVSWhBN9qIgEsJoVL115a%2BmNTyQpBcGdnVVy%2FZZ44pFOHs%2FMzbTu03X1S1rsJLAZC4%2BgL6xDqpZ8wrQxN%2FqQfmnP5tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7db4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 33f95775dbc1e8abdded939f4e05cfcb
59ab4c6bd37f8a84c5c81ab51db00d70ab903835
687eec3f7c834875eacbde793a71b3856da78eabfbfef5a4e5ccb09c62efc1f7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131639
Date: Mon, 05 Dec 2022 06:21:21 GMT
Etag: "638ced18-1d7"
Expires: Tue, 06 Dec 2022 18:55:20 GMT
Last-Modified: Sun, 04 Dec 2022 18:55:20 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _UslGYBxro1Z-cgpsv5NZQoGLY7_W0X31EExwIJnf9J72JaXZeC4ig==
nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
104.26.6.72200 OK 368 kB URL HTTP/2 nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
IP 104.26.6.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14545), with CRLF, LF line terminators
Size 368 kB (368002 bytes)
Hash d25c86eb7b32af611548fbc24d29e3b0
0af0fa4d711d16a54770af8814059d0d83955d6c
445e14150d10c79ac5e46d7d948380a2a29e24441460171741781559e79dd548
GET /promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
set-cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=none
subid=ecc41gxqdibgxlp5b3; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=none
utm_campaign=Ubidex-National-Ksenia; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
utm_medium=Ubidex; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
utm_source=retargetvr; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
utm_term=Ubidex-National-Ksenia; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7keecFm%2B%2Fp4qpxiZNe26Y5%2FTDnLRhvfu4NiFG1lhkD0MFADSS5rfOkBc9ZK9s1rw1%2BuKK7rmdR%2BZ3Kk%2B7uOM3NqZ2jq5je5CI%2BqXJnCWm4%2FCAT8ymvrPcrBnRT%2FHkJcjq%2BoqJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae58d87ab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/assets/loader.gif
104.26.6.72200 OK 542 kB URL HTTP/2 nationalcasino.com/assets/loader.gif
IP 104.26.6.72:0
File type GIF image data, version 89a, 500 x 500\012- data
Size 542 kB (542186 bytes)
Hash a878deec794465582b3e94fea2d33da1
dc9039cc6aef4728917b406b73a7203f8f6810f5
b5712905b34bf0e84bfbeca1e23318d614c2d827bef77fdcc7c6792f9aa75496
GET /assets/loader.gif HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: image/gif
content-length: 542186
last-modified: Thu, 17 Nov 2022 09:01:29 GMT
etag: "6375f869-845ea"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwvkh5bnbZVGJPZ6BWpfGVbmPVdeZhB44i1pN9cjT48dd6P%2FUi8U9ZB%2BRv9osNA16cg5lHhlhEHptNBTctTOlB%2FcJWBT1LJDrrJQ0MQVnPHWRs8LFKdxFkFtYvpjicFDwWFLrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d77b4f1-OSL
X-Firefox-Spdy: h2
c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3BhY2VyLXNwcml0ZS5wbmc%3D
54.230.111.125200 OK 95 B URL HTTP/2 c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3BhY2VyLXNwcml0ZS5wbmc%3D
IP 54.230.111.125:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9591c410148e6883727c5339fd1c02cd
3442a95fe890ce4769b36b2ecc611b801a54cfb5
cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323
Analyzer Verdict Alert fortinet Malware
GET /sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3BhY2VyLXNwcml0ZS5wbmc%3D HTTP/1.1
Host: c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 95
date: Mon, 05 Dec 2022 06:21:04 GMT
x-powered-by: Express
cache-control: max-age=1200
etag: W/"5f-NEKpX+iQzkdps2suzGEbgBpUz7U"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 774aadf6581c9b7a-FRA
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pOX0yglFXcT6GjXpOdTMLPmnwvbu9uN72tjoTyBqGQbuRkJW99nfIw==
age: 17
X-Firefox-Spdy: h2
c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3ByaXRlLXNlYWwucG5n?status=valid
54.230.111.125200 OK 49 kB URL HTTP/2 c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3ByaXRlLXNlYWwucG5n?status=valid
IP 54.230.111.125:0
File type PNG image data, 512 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 8ef6782be55b8ce8f5b132d28af8e0d0
cb99df77f4865d9c2f287539a5ca474cf76f7d09
d614922fde9604f8899e47f3cc3d69bf952312b996f7cf1421163996710850fa
GET /sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3ByaXRlLXNlYWwucG5n?status=valid HTTP/1.1
Host: c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 49397
date: Mon, 05 Dec 2022 06:21:04 GMT
x-powered-by: Express
cache-control: max-age=1200
etag: W/"c0f5-y5nfd/SGXZwvKHU5pcpHTPdvfQk"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 774aadf66c779072-FRA
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TihTlI9Fx7mrSIBTMVjcEcLg-VihyBvYKXNMW2KO0AvWpwqfTCrioQ==
age: 17
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nationalcasino.com/static/js/app-692ed3cf06.js
104.26.6.72200 OK 878 B URL HTTP/2 nationalcasino.com/static/js/app-692ed3cf06.js
IP 104.26.6.72:0
File type ASCII text, with very long lines (1212)
Hash b0380fb1c37f5e9cdd3b331cd2a86df1
1eace06e05caddeed3f1b8dfa901e96fbf54365b
6aefb24c8f289d49fe10a512fe6d4886915d8746b16b43e188d80b001811ea95
GET /static/js/app-692ed3cf06.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 08:46:58 GMT
etag: W/"6385c702-4bd"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3994
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9brWIFM5xB%2F4jE9VKx5pIisUVN6Xse5v12yrkmR3Ad3y2T5cUJqD0VkapFylC9u%2FOiGprRxnaPaQHGgNe4FQAk14cp%2BPGBFo1gdlx6Z8XpUeQ7AA%2F0vgfVDwQVilzlgef0d%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d83b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5PKWDCC
142.250.74.168200 OK 58 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PKWDCC
IP 142.250.74.168:0
File type ASCII text, with very long lines (18156)
Hash e8da1bcd6a87d8a26b1454041af8e950
34f5ebbedc3d576b2ff828c60ae89f6471059f91
fdcb51d880829dfe7fbb37f932765cf2d7dd671e3bc1cac0e314e904dbd8ad6b
GET /gtm.js?id=GTM-5PKWDCC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 06:21:21 GMT
expires: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58045
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nationalcasino.com/api/translation/get?locale=en_GB
104.26.6.72200 OK 36 kB URL HTTP/2 nationalcasino.com/api/translation/get?locale=en_GB
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 27925a764a731356638a59e29575cfb0
012d874a7c8cadaa8a87cb963f07395172b08349
d57a5c58b115ea023640764cfa966bd92b698cff28de67cf76e6d713ad193482
GET /api/translation/get?locale=en_GB HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XXmNJGXcWmYdGp7cwdSzmp9jkK%2FAXShgZ6wT3VHaTiISvubq5pYcLa0og2b9OiPlS8S76THgSXvxUFlWS%2BXw19wWjT96QgjkkYhC1QhCDW2%2B8Z%2FHNpa4IWlFrV1674fBUdhpjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5fee71b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ws-cdn001.akamaized.net/7693683943e78a298c36d469e68b47d8/widgetloader
23.36.77.10200 OK 60 kB URL HTTP/2 ws-cdn001.akamaized.net/7693683943e78a298c36d469e68b47d8/widgetloader
IP 23.36.77.10:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (40931)
Hash cdcde21489dfe097a97d7ceca71511ec
b5bc41388b923e53de0dced81c8fb96037c82d3f
4fddf93389fe6a88a10f8ccbbae9a446c6037b0b3a3697b7229f68bcfcbf33a3
GET /7693683943e78a298c36d469e68b47d8/widgetloader HTTP/1.1
Host: ws-cdn001.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-security-policy: frame-ancestors 'self' https://st-cdn001.akamaized.net https://ls-cdn001.akamaized.net
cache-control: public, max-age=120, stale-while-revalidate=60, immutable
etag: "9bc46328338c378d30894ab4a4e7d934-a036221ef5aef4e01862643812dd55b7"
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
x-ing-v: 2
content-length: 59719
date: Mon, 05 Dec 2022 06:21:21 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tm.ads.sportradar.com/dist/tag-manager.js?id=STM-AAAAJE
23.36.79.43200 OK 37 kB URL HTTP/2 tm.ads.sportradar.com/dist/tag-manager.js?id=STM-AAAAJE
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (62053)
Hash 1b74a323a6c9676fa834d847cb5bd06e
c8603041e50a01e33bc845ee3868d9f126bd5750
5957cb27076f020f007da89bf019bb69f3c97944e79244106f495055d3e2c3bb
GET /dist/tag-manager.js?id=STM-AAAAJE HTTP/1.1
Host: tm.ads.sportradar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
apigw-requestid: cqMYpju_joEEP0A=
vary: Accept-Encoding
content-encoding: gzip
content-length: 37421
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: max-age=900, public
x-n: S
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tracker.ads.sportradar.com/dist/tracker.js
23.36.79.43200 OK 12 kB URL HTTP/2 tracker.ads.sportradar.com/dist/tracker.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (34755)
Hash b34b13d85152f71b7fd15289c78c0583
0bb20191b022bbd0e75f2bbce7f6332886079c2c
7a3fc57394ecc6745eb6e18745aa1e5e5d05cb2237c4d0d754ab43d33863a84c
GET /dist/tracker.js HTTP/1.1
Host: tracker.ads.sportradar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 20 Jan 2021 14:51:32 GMT
accept-ranges: bytes
server: AmazonS3
etag: "5ff82a1c468a89919e9437d33e0402cb"
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: wuUbQUm4iRwa8A6rowGJaB64BSa2kYagE-KYpU8ZocYAfhri6NZQJQ==
vary: Accept-Encoding
content-encoding: gzip
content-length: 11553
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: max-age=900, public
X-Firefox-Spdy: h2
zz.connextra.com/dcs/tagController/tag/9074f6689420/homepage
104.85.191.64200 OK 16 kB URL HTTP/2 zz.connextra.com/dcs/tagController/tag/9074f6689420/homepage
IP 104.85.191.64:0
File type exported SGML document, ASCII text, with very long lines (2407)
Hash 05569639dfd76435e28a430931df309d
969971e3a0b9f4fdb73349ef05e2f2d5cebd43fd
117b615980a24bd158212bdc6ad7ef71dfd2e9d332b95c9058f5245a53d48d04
GET /dcs/tagController/tag/9074f6689420/homepage HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=utf-8
content-length: 16260
server: istio-envoy
content-encoding: gzip
x-envoy-upstream-service-time: 3
cache-control: must-revalidate, max-age=283
expires: Mon, 05 Dec 2022 06:26:04 GMT
date: Mon, 05 Dec 2022 06:21:21 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
tracker.ads.sportradar.com/dist//sp-2.14.0.js
23.36.79.43200 OK 30 kB URL HTTP/2 tracker.ads.sportradar.com/dist//sp-2.14.0.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (64903)
Hash 44f237857b8d03f32b53fe551e83c95a
91536fe6c60d947d29dfcb5f04d09b752b5ccf03
a5e10dc2f3c729300afe8fe24aa430f57d91fdefa8112c0b35dd424ba612caa7
GET /dist//sp-2.14.0.js HTTP/1.1
Host: tracker.ads.sportradar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 20 Jan 2021 14:51:32 GMT
accept-ranges: bytes
server: AmazonS3
etag: "8dba669b94e3865c9205ef8fd15ee4d1"
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: QbMscScT1eq1WbZN7BMfomOBrf6_dxzxBPAGv4Nnw-yYsUMIK7g4mw==
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 05 Dec 2022 06:21:21 GMT
content-length: 30370
cache-control: max-age=900, public
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6f893b514649109a95e0a5a296c9d21f
cdcf062ccd27731f447c794459fb283d185dd2da
8ae5c6a97e5ca5051bee79bde5348ed85c2304e3f9cf6c431bea1458f6317d06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 06:21:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=538396,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae634ba9b505-OSL
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 368d9e056495a149ba52441881780c73
e286a35b09db4de020595235247050a2328d360f
29f8e17f8d44305a732ea874a9c9f7478b641536f478dda05d4c9668c56318ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29F8E17F8D44305A732EA874A9C9F7478B641536F478DDA05D4C9668C56318CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 05 Dec 2022 12:21:21 GMT
Date: Mon, 05 Dec 2022 06:21:21 GMT
Connection: keep-alive
nationalcasino.com/configuration.js
104.26.6.72200 OK 2.4 kB URL HTTP/2 nationalcasino.com/configuration.js
IP 104.26.6.72:0
Hash 70f21f68adf687ec2e1c31ed45d7d79e
818895e3cfe3f7d4e2990bece596e942e783bcb0
f014cb247ec3c13ff5f96fe92e42eab23fcbb12b3b356b19e35d93cf49f50588
GET /configuration.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: text/javascript; charset=UTF-8
x-powered-by: PHP/7.4.29
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEEQhkLFuX8GeTGdRFDTstcV%2FFnx6LkOLiZmjcFVNdW%2BMcN7uRvhU5sOXWBlNvyROqk9xx1b%2Fx17AgvTDPY3b12U65nde78htBtzaoxGBLMgkJV2MAR63bamR59juGnqCcoYIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e8d75b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 25a635474ad0528855d5feb675c78d7a
dac56f1278c5c3de424caae74075268bcd433e09
86e3988110c767c4e0d360f39c8e001a2521252b176cfd5068e0d028b88bf000
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "86E3988110C767C4E0D360F39C8E001A2521252B176CFD5068E0D028B88BF000"
Last-Modified: Sun, 04 Dec 2022 18:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2557
Expires: Mon, 05 Dec 2022 07:03:59 GMT
Date: Mon, 05 Dec 2022 06:21:22 GMT
Connection: keep-alive
track.trackingtraffo.com/pixel/js?auth=61xu7tg&event=visit&uid=undefined&tid={TRANSACTION_ID}&cur={CURRENCY}&amount=0
88.214.195.156200 OK 488 B URL HTTP/1.1 track.trackingtraffo.com/pixel/js?auth=61xu7tg&event=visit&uid=undefined&tid={TRANSACTION_ID}&cur={CURRENCY}&amount=0
IP 88.214.195.156:0
Hash b09c2e73a7acd36e1b90f7815a3343ae
cf4d0cd5eb6a4dd17ddd38a5d1f926a80ede1afa
3deb4bbc40839f8350713d15007765a261b7e3bf72229de5d07172e53bd93ba7
GET /pixel/js?auth=61xu7tg&event=visit&uid=undefined&tid={TRANSACTION_ID}&cur={CURRENCY}&amount=0 HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:21 GMT
Content-Type: text/javascript
Content-Length: 488
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
a.sportradarserving.com/pixel?type=js&aid=1186&id=2527
35.156.160.245302 Moved Temporarily 0 B URL HTTP/1.1 a.sportradarserving.com/pixel?type=js&aid=1186&id=2527
IP 35.156.160.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?type=js&aid=1186&id=2527 HTTP/1.1
Host: a.sportradarserving.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://a.sportradarserving.com/ul_cb/pixel?type=js&aid=1186&id=2527
Set-Cookie: zuuid=8e737555-b7d3-4f2e-9399-88bfcd9b01cc; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive
a.sportradarserving.com/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
35.156.160.245302 Moved Temporarily 0 B URL HTTP/1.1 a.sportradarserving.com/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
IP 35.156.160.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId= HTTP/1.1
Host: a.sportradarserving.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://a.sportradarserving.com/ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive
tag.growthbuddy.app/tag.js?id=DV-94905054618481252564
54.74.8.139200 OK 2.0 kB URL HTTP/2 tag.growthbuddy.app/tag.js?id=DV-94905054618481252564
IP 54.74.8.139:0
File type ASCII text, with very long lines (4966)
Hash 77250bb669dd70cd2fe52425cdf32f60
5072d868cd6cbaa2acdb59f63d108d3421986905
8417f5c374a8a38f5e35d77b2617f810512bb5fbd2c3e5f6875ddfc273cbdd52
GET /tag.js?id=DV-94905054618481252564 HTTP/1.1
Host: tag.growthbuddy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript; charset=utf-8
set-cookie: INGRESSCOOKIE=1670221282.94.114.272232|5f2e1b57d78510d04b0cf9036879032b; Path=/; Secure; HttpOnly
vary: Accept-Encoding
cache-control: public, max-age=7200
x-content-type-options: nosniff
etag: "1382-negDj3/q3mLK2bONN/3hDb5WPZA"
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash feada0c59c0eaab85490c6c8a7bcdd19
067889598d6125a945f0f7815a03328b62e9d139
18d3562684c32ed7b8d7cf02c853d8f1f08bf1074151891d9b756d14fdddfa1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18D3562684C32ED7B8D7CF02C853D8F1F08BF1074151891D9B756D14FDDDFA1F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4374
Expires: Mon, 05 Dec 2022 07:34:16 GMT
Date: Mon, 05 Dec 2022 06:21:22 GMT
Connection: keep-alive
main.exdynsrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
95.211.229.246200 OK 20 B URL HTTP/1.1 main.exdynsrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1
Host: main.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.realsrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
95.211.229.245200 OK 20 B URL HTTP/1.1 main.realsrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1
Host: main.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
track.trackingtraffo.com/pixel?auth=61xu7tg&event=visit&uid=undefined&tid=%7BTRANSACTION_ID%7D&cur=%7BCURRENCY%7D&amount=0&site=nationalcasino.com&ln=en-US
88.214.195.156200 OK 0 B URL HTTP/1.1 track.trackingtraffo.com/pixel?auth=61xu7tg&event=visit&uid=undefined&tid=%7BTRANSACTION_ID%7D&cur=%7BCURRENCY%7D&amount=0&site=nationalcasino.com&ln=en-US
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?auth=61xu7tg&event=visit&uid=undefined&tid=%7BTRANSACTION_ID%7D&cur=%7BCURRENCY%7D&amount=0&site=nationalcasino.com&ln=en-US HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
my.rtmark.net/p.js?f=sync&lr=1&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90
IP 139.45.195.8:0
Hash 75aab9dd0a7f76694ee9776060328c6f
2d065592c944cc0051b095a6ba50c7377150e7d5
f33a2e591fbcfbb60dd31d6f3078dc14bc068aa1d7372b9708514ad44cd71df7
GET /p.js?f=sync&lr=1&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dcce8495a04264ed619fbfc7a867af86
f810d98553e57bb567e92258a984875c6c6c96fb
353a8977122e2a0d71bb115484025bccd3860a2cd66cb85807d3a91b492fb619
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 04:41:08 GMT
expires: Mon, 05 Dec 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 6014
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.sportradarserving.com/ul_cb/pixel?type=js&aid=1186&id=2527
35.156.160.245200 OK 1.8 kB URL HTTP/1.1 a.sportradarserving.com/ul_cb/pixel?type=js&aid=1186&id=2527
IP 35.156.160.245:0
File type ASCII text, with very long lines (1843), with no line terminators
Hash 1ef72dd9c3b199c0c62cf5988a681aab
2267bb7034ea61a4b4aad465111a7b504662b1a9
6ef6a92145c6632d63b851c20f5cc7d32c4b75bea38e3122fddd8545290b0ab3
GET /ul_cb/pixel?type=js&aid=1186&id=2527 HTTP/1.1
Host: a.sportradarserving.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; c=1670221282; zuuid_lu=1670221282
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 05 Dec 2022 06:21:22 GMT
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_k=1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_k_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
cm2=!bidswitch,439550482; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
bss=!bidswitch,439478482; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 1843
Connection: keep-alive
a.sportradarserving.com/ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
35.156.160.245302 Moved Temporarily 0 B URL HTTP/1.1 a.sportradarserving.com/ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
IP 35.156.160.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId= HTTP/1.1
Host: a.sportradarserving.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; c=1670221282; zuuid_lu=1670221282
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://x.bidswitch.net/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_k=1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
zuuid_k_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive
main.exoclick.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
95.211.229.246200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 4bf2c029ffd202bb73fc29b925c34a6b
e663ea5282c947a2a6ae3faa843692db79d3db27
ca7601527b880bfc13035c0ec638a376a79e724926600f4cef0eccde3cc2c2d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 104
Cache-Control: max-age=115874
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638caf1c-138"
Expires: Tue, 06 Dec 2022 14:32:36 GMT
Last-Modified: Sun, 04 Dec 2022 14:30:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 312
main.exosrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
95.211.229.246200 OK 20 B URL HTTP/1.1 main.exosrv.com/tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1
Host: main.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
nationalcasino.com/assets/favicon.png
104.26.6.72200 OK 23 kB URL HTTP/2 nationalcasino.com/assets/favicon.png
IP 104.26.6.72:0
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash f649afc10275f1cbfcd434396290b1b3
01582644cb47372037afd0942cc63d52d71fae41
d3a98485a8766e2cabc7b9cd05166a3dd9d8ec8eae6ef0b2a93afd6ae19e7a14
GET /assets/favicon.png HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.1.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: image/png
content-length: 22994
last-modified: Thu, 17 Nov 2022 09:01:23 GMT
etag: "6375f863-59d2"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJZzTBbcHQG40rtYjJcqKtjXv0Jag7CfkCU4OXOr0g1OB%2FmyVn%2B3zk9tU55FzwHQV4P6op8Odb82fmxiF5DZsH%2BQJfclF%2BUMplpgQGpLBZoDlp%2FXy%2F3vAxmNV0ScIet0bpCCnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae679b8cb4f1-OSL
X-Firefox-Spdy: h2
ctrack.trafficjunky.net/ctrack?action=list&type=add&id=notregistered&context=National&cookiename=notregistered&age=259200&maxcookiecount=10
66.254.114.89200 OK 35 B URL HTTP/1.1 ctrack.trafficjunky.net/ctrack?action=list&type=add&id=notregistered&context=National&cookiename=notregistered&age=259200&maxcookiecount=10
IP 66.254.114.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ctrack?action=list&type=add&id=notregistered&context=National&cookiename=notregistered&age=259200&maxcookiecount=10 HTTP/1.1
Host: ctrack.trafficjunky.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: openresty
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: image/gif
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Secure; SameSite=None
tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Secure; SameSite=None
04acaa237b5a69118d03403dbe7a25f9=notregistered; Path=/; Domain=trafficjunky.net; Expires=Sat, 03 Jun 2023 06:21:22 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
x-request-id: 638D8DE2-42FE725901BB4A56-28BC8F06
tsyndicate.com/api/v1/retargeting/set/549f8e4e-78b7-4c4e-b846-357584a8ff56
136.243.46.156200 OK 35 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/549f8e4e-78b7-4c4e-b846-357584a8ff56
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/549f8e4e-78b7-4c4e-b846-357584a8ff56 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 6160188f7d732884
set-cookie: ts_rt_549f8e4e-78b7-4c4e-b846-357584a8ff56=AAMC; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
trc.taboola.com/1460267/log/3/unip?item-url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&ref=https%3A%2F%2Fus.doctorpost.net%2F&en=Nationalcasinocom_notreg
151.101.193.44204 No Content 0 B URL HTTP/2 trc.taboola.com/1460267/log/3/unip?item-url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&ref=https%3A%2F%2Fus.doctorpost.net%2F&en=Nationalcasinocom_notreg
IP 151.101.193.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1460267/log/3/unip?item-url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&ref=https%3A%2F%2Fus.doctorpost.net%2F&en=Nationalcasinocom_notreg HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Mon, 05 Dec 2022 06:21:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670221283.708109,VS0,VE89
x-vcl-time-ms: 89
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae69689fb505-OSL
dsp-trk.eskimi.com/tracking/cssession?tst&id=22441
34.120.139.69304 Not Modified 0 B URL HTTP/2 dsp-trk.eskimi.com/tracking/cssession?tst&id=22441
IP 34.120.139.69:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tracking/cssession?tst&id=22441 HTTP/1.1
Host: dsp-trk.eskimi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 304 Not Modified
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
date: Mon, 05 Dec 2022 06:21:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 4e7b418157c36d6de9afca4b6bd2075e
bda4aab996c6dd33b05dce7d5b61073a03662bc0
0a30286f8b9a72d72df9ff1493b0cd68b0c88e19ed69866d00ebef298e574bbb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 06:21:22 GMT
Last-Modified: Mon, 05 Dec 2022 05:21:31 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 21Cdt6EL9P0PnNOTiFGEdQiyo7kCxFQXhrP0v-0sn3kJ-4wUEAFPLA==
Age: 3591
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae698e141c02-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dcce8495a04264ed619fbfc7a867af86
f810d98553e57bb567e92258a984875c6c6c96fb
353a8977122e2a0d71bb115484025bccd3860a2cd66cb85807d3a91b492fb619
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
dsp-ap.eskimi.com/v2/gtr?id=22441&url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&t=1670221279986
35.186.201.99200 OK 587 B URL HTTP/2 dsp-ap.eskimi.com/v2/gtr?id=22441&url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&t=1670221279986
IP 35.186.201.99:0
Hash 4e3df4cdefc15442ae3d360874b78758
ef47fc6370731056f1c8248d1f095b72c50bfa9f
e1fa291b1a09c59cee85db73b06eb39a9ec74cab695e58fc9fcc56c7c98bf3eb
GET /v2/gtr?id=22441&url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&t=1670221279986 HTTP/1.1
Host: dsp-ap.eskimi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
set-cookie: __eConsent=1; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Max-Age=2592000; Domain=.eskimi.com; Path=/; Secure; SameSite=None
__eDId=02dfbb55-bdba-44b2-9f4c-85c73054a3ae; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Max-Age=2592000; Domain=.eskimi.com; Path=/; Secure; SameSite=None
__eP=1; Expires=Mon, 19 Dec 2022 06:21:22 GMT; Max-Age=1209600; Domain=.eskimi.com; Path=/; Secure; SameSite=None
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
cache-control: no-cache
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/json
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.226.52200 OK 2.9 kB URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.226.52:0
File type ASCII text, with very long lines (9097)
Hash 7c950e51f0a1f2591ae7de2bba9bad23
9afd5094f767c3f19df0d56f6f906cd955594d88
d4fc7f55bcde348fd6b20c8dafaa25be06f8b03227e4dfca11e6d35e62f92bf4
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1525
expires: Thu, 08 Dec 2022 06:21:21 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 774aae5ed859b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
x.bidswitch.net/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
3.73.96.152302 Found 0 B URL HTTP/2 x.bidswitch.net/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
IP 3.73.96.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=202be5d2-d787-4ebd-8455-362d9ea454e1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
eb2.3lift.com/xuid?mid=7963&xuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&dongle=3oy7
13.248.245.213200 OK 37 B URL HTTP/2 eb2.3lift.com/xuid?mid=7963&xuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&dongle=3oy7
IP 13.248.245.213:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3eacd0132310ea44cad756b378a3bc07
e2216a7e9b73f5cb0279351c78ce61c33475cea7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
GET /xuid?mid=7963&xuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&dongle=3oy7 HTTP/1.1
Host: eb2.3lift.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dcce8495a04264ed619fbfc7a867af86
f810d98553e57bb567e92258a984875c6c6c96fb
353a8977122e2a0d71bb115484025bccd3860a2cd66cb85807d3a91b492fb619
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
x.bidswitch.net/syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D
3.73.96.152302 Found 0 B URL HTTP/2 x.bidswitch.net/syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D
IP 3.73.96.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=37659f5f-2614-4807-9876-c83cddd71114; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
nationalcasino.com/app/vendor.7443690a9a6ea18c.esm.js
104.26.6.72200 OK 699 kB URL HTTP/2 nationalcasino.com/app/vendor.7443690a9a6ea18c.esm.js
IP 104.26.6.72:0
File type ASCII text, with very long lines (65451)
Size 699 kB (698895 bytes)
Hash 5323b5f8de31a49f6c6a3967c1e56a8a
7df58c0abb7638c2a013a360d9fe84719323a1b7
090330cf4dbc1a66411d6b97bf6617d25ab7ffe052b39fff7b7f48de0421fb2c
GET /app/vendor.7443690a9a6ea18c.esm.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 09:01:28 GMT
vary: Accept-Encoding
etag: W/"6375f868-35b744"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFHDN3D1NEvdUqCwResAzu7Xlv2DfwCL90c3ocprcjYmSrz4FO6YlHx0Gs5FuJCTWl2qs0A5PYRtnZZ6SCisG4Tive00LBRc8PTQeIV4xtRhufVcz5Yuy%2BR%2BGlEKzHxNfUdDYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae626834b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 06:21:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae69996a1bfa-OSL
x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&cb=3760af98-0439-49f1-999b-0a98403fb945
3.73.96.152302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&cb=3760af98-0439-49f1-999b-0a98403fb945
IP 3.73.96.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=409&expires=14&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&cb=3760af98-0439-49f1-999b-0a98403fb945 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Dec 2022 06:21:23 GMT
content-length: 0
cache-control: no-cache, no-store, must-revalidate
location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&seat_key=409&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 2e388f1ab4ec88104f57cf23944ee684
39178c45ed645709cc388d5790b1b58a3272a62f
e33b88f6f77d90b65a8fed943a45623e51f1efbdae401a1652f24be68408dba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcIXVIiAAAAAOSkusfnmE4Oe97qAFgJYg71vdQc
142.250.74.132200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcIXVIiAAAAAOSkusfnmE4Oe97qAFgJYg71vdQc
IP 142.250.74.132:0
File type ASCII text, with very long lines (884), with no line terminators
Hash cb83e4684bbb5f087a80e28b6803a57f
38b1365e1b6e709c4d265819410f391aec084ed7
7a797e09f2abb77770e0ed24eb303039439404984775ae7dedeaa067f470d8de
GET /recaptcha/api.js?render=6LcIXVIiAAAAAOSkusfnmE4Oe97qAFgJYg71vdQc HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 05 Dec 2022 06:21:23 GMT
date: Mon, 05 Dec 2022 06:21:23 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90&ttl=&rurl=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90&ttl=&rurl=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90&ttl=&rurl=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b5b5d7581c8946c582f3e162b12fd847; expires=Tue, 05 Dec 2023 06:21:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-189011525-1&cid=1087109354.1670221279&jid=1850108184&gjid=964405871&_gid=293443561.1670221280&_u=YADAAEAAAAAAACAAI~&z=1348590225
108.177.14.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-189011525-1&cid=1087109354.1670221279&jid=1850108184&gjid=964405871&_gid=293443561.1670221280&_u=YADAAEAAAAAAACAAI~&z=1348590225
IP 108.177.14.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-189011525-1&cid=1087109354.1670221279&jid=1850108184&gjid=964405871&_gid=293443561.1670221280&_u=YADAAEAAAAAAACAAI~&z=1348590225 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://nationalcasino.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 05 Dec 2022 06:21:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=1
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=1
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/casino/producer?is_desktop=1&is_live=1 HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdtZPC4U1Yo%2FdIzHxA1lBZW282n6oZwXXypyM3sZt2MRaCMGRqTAl4xF8bElITLimYMz11R2KaRQCwJsOuZlzU69B7RDEFoAVQNpfD3xEb58bzyGIdShNB4OtPGAXG0c2xrO%2FwJeghLM4YFrxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6844fac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=0
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=0
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/casino/producer?is_desktop=1&is_live=0 HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhCI8MvitSJW9e471GhHTHuDp3oGFq10d29uUBWYJsnstmeB%2F%2F4csTSfLE092nXBlzihX33KIRcXHofkkrCsJP%2FRmemF9f6rjpul7mcGaYZxJBsHQkY6VHnwscjz5rzWTisqKmNRpamxG9rGCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d884efac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/get-currencies
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/data/get-currencies
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/data/get-currencies HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n99STN4MYSfrdMDZsKGpQLlMOIuqosrn%2BNfqRvwrj01woyCWXauhi1ktehMFTlA47YLorX6ktth1T4MzR6OxzrPAqIFRSgnPKFkDSGAiAa7AjRPAK4eYobDkwnN%2FFnWMFpYrcY36iwIcmz2VMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d784afac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/ip-data
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/ip-data
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/ip-data HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjdBRrtS9ORcWB0Migb2sYzWDbMG17nOvrBnZA4abpvTRnV0bnPrWU4M%2FSk8az7zRvI%2FXKyBq%2B7YAMwZoDQC9y3FcotK%2F4YhQYZ%2FjO%2Fh3x0j2cYCDfYuOP9idOzFky9%2ByNBrT21JLc5r6g8dwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6842fac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/casino/category?auth=false
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/casino/category?auth=false
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/casino/category?auth=false HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXVbLeYsTl90NrLMOd2%2B7M9Ac7v86yIYe5F59F2XpXw71XFtA9gvW63xQer%2F%2Bkn%2B6IRkpr6zFEXxrohiugQe2OVDFvTrIRHVTptPeNnJt7iqnXwjxffv%2BRPZEjjAV7ZTsq4LKpTzRFcN2RZjkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6845fac4-OSL
X-Firefox-Spdy: h2
nationalcasino.com/api/promotion/list?onlyPromotionType=0&lang=en_GB
104.26.6.72200 OK 1.9 kB URL HTTP/2 nationalcasino.com/api/promotion/list?onlyPromotionType=0&lang=en_GB
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (9201), with no line terminators
Hash 564d8483a6cc1d3aa35433e68612bc7a
1736bee49705561e95405c1dd31d54ab33cca2a7
d86f7b752c09fd1cf5126d91633d3346cf276c3af0d043ac4cabed93071e0baf
GET /api/promotion/list?onlyPromotionType=0&lang=en_GB HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SMC3dsKIeLWIct1c%2FdrI7p7Estox95mXVmp61x%2BIbmqa6zd2zW0wk7c%2FF6OatJ4oEfSPzELnWDUC8Ag5m26NavxsuZy0xcdehpwNqSNzMKR%2BQvHczGfX96fS%2FfFIyw76r%2FDhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6bdea9b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/provinces
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/data/provinces
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/data/provinces HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stKkMIfX%2FGaPGAeV3pReOk7iATlyI5bRj%2B0gFkGrktl8gEQ4TIPoGtJ%2BBXqscQMhPvrHUtHO%2BM%2FhYxyqYzVXyPn5nNlsRkI%2BEQ0LY%2F4dIdf1eboq8ZgxiD2QWya57OZG%2FHGaU4hPhE51nlVsUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d784dfac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/configurations
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/configurations
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/configurations HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpNUTf3JBV3v81CHua3EHX4uJQq%2BbcJ7IdGoYB%2F0gTIHLwz0KRh7LWz9Dukm%2F%2F0kYlibQ%2BdZsgdc3K9fJmR%2BbghEE3vm6G5jLE%2BDoV%2Bl4bhpwzBu03I7rt4nXeU1U2xNXCc7udHuZidj5lpWeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d8851fac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/get-countries
172.67.69.139204 No Content 0 B URL HTTP/2 platform.nationalcasino.com/api/data/get-countries
IP 172.67.69.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/data/get-countries HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FO8imQTuKdju0YrvjqWsV4X%2BYb12T74Q8EJyeO7n2v%2FNxqYQgbyrdG5FS%2BXmQyzfmlI85mH%2FVyqbpNXnPaXBtVRdsPCRzN2NTutMQywSmBHVZ6ndQuN2slD4e%2BNnIjbFsyHT9qHBXJIC4Wbx1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d884ffac4-OSL
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/get-currencies
104.26.6.72200 OK 164 kB URL HTTP/2 platform.nationalcasino.com/api/data/get-currencies
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (10236), with no line terminators
Size 164 kB (163972 bytes)
Hash b9e82d0788cc5ca139921e7ac8510cd3
39b4479648aaf2406015b47e7cf4366d0d0a5273
f5123108a5a81358334ed8b37acc16f05e5e01af535f6edc4f1d36c0b2a52da2
GET /api/data/get-currencies HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daQdGksT1xL5NIPwkuU6SFLLaRw4MqhyJbEY%2BSbnpTog4K2c2VChfy2KzhxU2BtfBJd1YfTkFPAne2UZuHiYDPJYuyY3Ak645f6PnDvOKMDN8Ksd0vOTJBbdvu1bGg%2FQ9JZWnaekRFCAcLMsSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e585fb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=0
104.26.6.72200 OK 3.1 kB URL HTTP/2 platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=0
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (34660), with no line terminators
Hash a6c25ab847b42fd10f2d677f0152abd5
b68386807a60c630e98fc2a7fcd314da0c71a223
11d93bb3692fa47a0e352f6509db2c7b6e7e42b27c13fc37514a9cc1db559b5e
GET /api/v2/casino/producer?is_desktop=1&is_live=0 HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdytJRx4kvEuHT1P87x%2BQhAvMb6QjfwVZKSGTC0rw6pRAOdea2ea%2FfN%2FpDXNHFcIHYLiuhgwsnKzBId0pycrZLPx%2BBbUY%2B5FXBrSbHDRV1Jpr8WV7hTZLLJu3vQu3mY6BhSq6n3YiRTL1HaZlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e485cb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/configurations
104.26.6.72200 OK 6.4 kB URL HTTP/2 platform.nationalcasino.com/api/v2/configurations
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 085560d66714a3a2067f0bd013e9c8a4
44bd5f445611e3e4d0a53dcdcfa04c50b6fe2975
d41cdfdca08393f5b3e762ba9976c2380f278191902f7809086ca942e5a6e58d
GET /api/v2/configurations HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JRxqr6Ob2wT0syGWDUFftCmkNvQml3tJN6NiDTHVG3SHCfhQWhIZauG%2FwJ3gnp2Hsz6RAdWNsYjDzR%2BSEDQ7jka7VqsXqZB%2FzTkLIuLbCSGdyYNUXt72xALSQoBvSziPi0pWdPMlX%2B6lwRC6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e78afb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash c3039f447e5381df673431542bd667d1
e1c45aab2303975e93067fde96266955cb495111
b60d63d9601d73c8eac317311def5f9affde6eb9d46f4c6b4cb8a366da8ee1e7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171542
Date: Mon, 05 Dec 2022 06:21:24 GMT
Etag: "638d7afb-1d7"
Expires: Wed, 07 Dec 2022 06:00:26 GMT
Last-Modified: Mon, 05 Dec 2022 05:00:43 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pXdDYD_vg_DRAz4TOBn_dBJIpTSQE_iKQSF_AyR8yid5XoROJD-pmg==
Age: 3583
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash c3039f447e5381df673431542bd667d1
e1c45aab2303975e93067fde96266955cb495111
b60d63d9601d73c8eac317311def5f9affde6eb9d46f4c6b4cb8a366da8ee1e7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171540
Date: Mon, 05 Dec 2022 06:21:24 GMT
Etag: "638d7afb-1d7"
Expires: Wed, 07 Dec 2022 06:00:24 GMT
Last-Modified: Mon, 05 Dec 2022 05:00:43 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KPFicSekZl3Dqms5PVY2NjqdfvOoeL_eyndurWi6KOIXxU22VPv23g==
Age: 3581
platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=1
104.26.6.72200 OK 675 B URL HTTP/2 platform.nationalcasino.com/api/v2/casino/producer?is_desktop=1&is_live=1
IP 104.26.6.72:0
File type JSON data\012- , ASCII text, with very long lines (5122), with no line terminators
Hash d693c3f05b10d786c22f4b0d86d46f4f
fe7c313bc334dfc12f293a96bd8727046998f8f0
138cf7028c9c17380f5de0fe104bc6ac7efc390fdbd548e66f065a116e548bfd
GET /api/v2/casino/producer?is_desktop=1&is_live=1 HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QF9TkcKPWQ2dOYYxU5bD1VP9wI%2F%2B8JXdvM35QnYQVmaDcTAuJ5TJetvcdI2YrBNLx9b6lTWYcvodRz3YTpJDPmgmSxe%2Fz4dEFdWLRs1xuqeMumP9UC4942MLyS81tuTDUuZY4J8qgWJC4JZSyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e2844b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/provinces
104.26.6.72200 OK 0 B URL HTTP/2 platform.nationalcasino.com/api/data/provinces
IP 104.26.6.72:0
GET /api/data/provinces HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1d4H7e5aiENPlrBz93Pf7CyttbI13x3PAbhgFfAxT8m8iRQh8%2F0uArsXb7arswWCXZzN7nB9UYUrEmGPWxlyTtRqxK8IjxVPgdE6QaS2BM%2FAIC7PB9yxynLU1CB2u7nSMtjWRaO1Vgjm4WKOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e78aab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,500,700,300,900&display=swap&subset=cyrillic
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700,300,900&display=swap&subset=cyrillic
IP 142.250.74.106:0
GET /css?family=Roboto:400,500,700,300,900&display=swap&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 06:21:21 GMT
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nationalcasino.com/app/styles.0b355258e5d259e1.css
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/app/styles.0b355258e5d259e1.css
IP 104.26.6.72:0
GET /app/styles.0b355258e5d259e1.css HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: text/css
last-modified: Thu, 17 Nov 2022 09:01:35 GMT
vary: Accept-Encoding
etag: W/"6375f86f-3f6b5"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7YOKRJlhWHmJmgkErKoDqYplewbtCapKyCAzlENvuhTwNsHd4UZZ0alX9rOd62URcnSKBfzLlcPO1Gx4%2Boj9UBGWZO0QI8FOJIMIh6xRDkMZO9%2FdC%2BYJUmDZRz19SM7G9t0CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5e8d73b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/api/promotion/tournaments?lang=en_GB
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/api/promotion/tournaments?lang=en_GB
IP 104.26.6.72:0
GET /api/promotion/tournaments?lang=en_GB HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jv50bE0EshAnZl4wPak0RQB6z3wGG6eiKI1ZGamtIrL11TcAT5S1T0kNDLG%2BJ%2Bv7IwCHV5jcsDypRGqyFb58jki6U%2B%2BlyHHPUAMTyPV512s%2BUbFNp%2FaD2WCI1Hp3q3Wx68u4Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6bdeafb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/casino/category?auth=false
104.26.6.72200 OK 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/casino/category?auth=false
IP 104.26.6.72:0
GET /api/v2/casino/category?auth=false HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RGCOPvWpbX%2FF1ZOSgSIxzlRLpQ4SHlbRdoXZY3asxScKztrqTrRCffBjzefiR%2Bpyi8%2FBm0KTvp9M0%2B5H%2Bul0HU4C8ksaMIggO1q%2FhZ7%2BWjifMg7P8P7wEdBNy7MYnMG1ZQj9nLcx81%2FWVXwu1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e6887b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/app/runtime.b2e82eb996bed5b0.esm.js
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/app/runtime.b2e82eb996bed5b0.esm.js
IP 104.26.6.72:0
GET /app/runtime.b2e82eb996bed5b0.esm.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 09:01:21 GMT
vary: Accept-Encoding
etag: W/"6375f861-1fb1"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emldHUGtwyYI26DIzKCZbhKs9c2tvn4wOveDoIPme4W0u37ha%2BtcMruJO91Cwn57wBp1mJvxVFx4dzEzcpwKD1Hl2vurfxsxW1Ulul721hT59nPyHfXIgNiFRuocxsGZpmlOMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae626833b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/app/polyfills.9981ee15c1709677.esm.js
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/app/polyfills.9981ee15c1709677.esm.js
IP 104.26.6.72:0
GET /app/polyfills.9981ee15c1709677.esm.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 09:01:15 GMT
vary: Accept-Encoding
etag: W/"6375f85b-2d895"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfkpM8lZ52aSfGSLS2vlDO5REbT2UfGxelzP%2BcD0Tn9DkV3iJcT2myC6NiPzH661fEF4g%2B0YX9VbKj1vry4bIUmz1DqhXwgUSnqb4cGY69ENTPDgNKZduKhIq2TCPoJnvFmAow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae62682ab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/app/main.afe1d482adbb8c73.css
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/app/main.afe1d482adbb8c73.css
IP 104.26.6.72:0
GET /app/main.afe1d482adbb8c73.css HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: text/css
last-modified: Thu, 17 Nov 2022 09:01:15 GMT
vary: Accept-Encoding
etag: W/"6375f85b-31e3"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58cIGYvZWxpI%2B4BTYWZazw0VmPT3GHg%2FhJ2vk11HXSlIlod%2BoW69iLHOSllUgam%2B%2FN4zQJfNfP5QwqUyWsXSgAl8ynC1noeVJ0%2FU6dQ7nD3evwDm9haDzXjKjmY9jS23QIF3AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5e8d72b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.seon.io/js/v4/agent.js
54.230.111.35200 OK 0 B URL HTTP/2 cdn.seon.io/js/v4/agent.js
IP 54.230.111.35:0
GET /js/v4/agent.js HTTP/1.1
Host: cdn.seon.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 09 Sep 2022 15:20:31 GMT
x-amz-version-id: mfjcVMYC8eQg.3.C.jDktKY9HpyiJtFK
server: AmazonS3
content-encoding: gzip
date: Mon, 05 Dec 2022 05:40:35 GMT
cache-control: max-age=3600
etag: W/"7e416f9feeb805e04c423899736c48e2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 03z-C1jK0UAIcz0LaBh6fX9F_XgAJyZapJShXl6XnPDcIKNP_rB-MA==
age: 2509
X-Firefox-Spdy: h2
assets.customer.io/assets/track.js
54.230.111.127200 OK 0 B URL HTTP/2 assets.customer.io/assets/track.js
IP 54.230.111.127:0
GET /assets/track.js HTTP/1.1
Host: assets.customer.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 21 Oct 2022 17:44:53 GMT
server: AmazonS3
content-encoding: br
date: Mon, 05 Dec 2022 03:45:59 GMT
etag: W/"4c5f83ddacacecc5a74e105c6940b5ca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ox9YikjKR5iUkXVt8pRIXeSqpWuViF7TCG2Ht93WwXwT7vfPA5cZ5w==
age: 16363
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/ip-data
104.26.6.72200 OK 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/ip-data
IP 104.26.6.72:0
GET /api/v2/ip-data HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEnfhkHcJSmXRHjaJcUGDz2f%2F%2BcD1aWFBBlCB1Bz3t2r3tdqBuAYvx2%2BqHblxHKCI5n3l%2FvttWpMB7ng3wZf%2Fo0OFIumDDvX0Dc%2FzbS2kARSU%2FDTphBQ9xJx6iwPCMXY9v5z%2BKzI3SlSvuAd6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e6885b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage
49.12.123.158302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 05 Dec 2022 06:21:18 GMT
content-type: text/html; charset=UTF-8
location: https://media.playamopartners.com/redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
set-cookie: uclick=gxqdibgxlp; expires=Tue, 06-Dec-2022 06:21:18 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=gxqdibgxlp-gxqdibgxlp-2tb40-0-gxzw0-gmgxbl-gmgx8n-423434; expires=Tue, 06-Dec-2022 06:21:18 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/data/get-countries
104.26.6.72200 OK 0 B URL HTTP/2 platform.nationalcasino.com/api/data/get-countries
IP 104.26.6.72:0
GET /api/data/get-countries HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pEQPE%2FV4HM9OOOPqBD86rQ78gmDE8IX2KBScSrsF44aU6W%2FGmYBsv2uiFTDCzzPPrLuPzbhFo7dUnLgXKhBG%2ByjKDhCd7BkSjyoT7z8lEDUnwCCM%2BRxGxRycuQC5sE%2Fqv0F645Pb%2FUJRFDMmlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e88b4b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
casino.cur.a8r.games/public/sg.js
104.18.12.198200 OK 0 B URL HTTP/2 casino.cur.a8r.games/public/sg.js
IP 104.18.12.198:0
GET /public/sg.js HTTP/1.1
Host: casino.cur.a8r.games
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 03:34:09 GMT
cf-cache-status: HIT
age: 4894
expires: Mon, 05 Dec 2022 10:21:21 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 774aae5eeb1e0b61-OSL
X-Firefox-Spdy: h2
dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3
194.242.11.186200 OK 0 B URL HTTP/2 dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /assets/js/e/gtr.min.js?_=0.0.0.3 HTTP/1.1
Host: dsp-media.eskimi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:22 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 692289
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
etag: W/"621cbfb5-12fb"
expires: Tue, 28 Nov 2023 12:07:50 GMT
last-modified: Mon, 28 Feb 2022 12:27:33 GMT
x-content-type-options: nosniff
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2022 12:07:50
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 5b5d6b994a9e44f6606d03923281a256
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
platform.nationalcasino.com/api/v2/bonuses/tournaments?lang=en&frontendIdentifier_in%5B%5D=mystery-slot-race&frontendIdentifier_in%5B%5D=queens-live-race
104.26.6.72200 OK 0 B URL HTTP/2 platform.nationalcasino.com/api/v2/bonuses/tournaments?lang=en&frontendIdentifier_in%5B%5D=mystery-slot-race&frontendIdentifier_in%5B%5D=queens-live-race
IP 104.26.6.72:0
GET /api/v2/bonuses/tournaments?lang=en&frontendIdentifier_in%5B%5D=mystery-slot-race&frontendIdentifier_in%5B%5D=queens-live-race HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:23 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDXnc0mHQ574xhRIZ%2FvH%2F1izGWWue%2BmAy6VmhY0CeHl2xkoRHhkTH6jlMEWqoqVW%2BgQy9MzekwXTLl9csnETDJo0IunQ4RTjbvQTIGbDa%2FUBZC%2BliGCoWGPzzRJqbr3KhCf1RYBXthJkdDGb6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e78a3b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
nationalcasino.com/app/main.b171b1569922ccba.esm.js
104.26.6.72200 OK 0 B URL HTTP/2 nationalcasino.com/app/main.b171b1569922ccba.esm.js
IP 104.26.6.72:0
GET /app/main.b171b1569922ccba.esm.js HTTP/1.1
Host: nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 06:21:21 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 09:01:34 GMT
vary: Accept-Encoding
etag: W/"6375f86e-83da0"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uukq7HgPm8mV%2BhIAoh%2F8C9RSCdAUYMiaMzyvBYTk9RXLY%2F%2BL%2BFTIum5quhpEcLjLARcoSXnKgoSozDSRcXqr7TN%2FEu3TlhDQ7FI7Hb7FL3r5ZD%2FRTFlJjgkOXpY30YKQtdBbiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae625823b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/apg-seal.js
54.230.111.125200 OK 0 B URL HTTP/2 c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/apg-seal.js
IP 54.230.111.125:0
Analyzer Verdict Alert fortinet Malware
GET /apg-seal.js HTTP/1.1
Host: c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Mon, 05 Dec 2022 06:21:04 GMT
x-powered-by: Express
cache-control: max-age=300
etag: W/"e0a-1paSBg+sfm50ID71eqOWPI/uMj4"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 774aadf41c1f5ba4-FRA
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: G8arX93LOisA3aVTbAeZwvpQ5DaarwnAWF4O_vdiIGWAklWQXPwD6w==
age: 17
X-Firefox-Spdy: h2