Overview

URL: www.cmjdj2smns.com/5LMHK7/2F8LBL/
IP: 34.107.199.247 (United States)
ASN: #15169 GOOGLE
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-05 06:21:27 UTC
IDS alerts: 0
Blocklist alerts: 3
urlquery alerts: No alerts detected
Tags: None

Domain Summary (54)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
xml.poprtb.pro (1) 90217 No data No data 174.137.133.18
main.realsrv.com (1) 91110 No data No data 95.211.229.245
nationalcasino.com (18) 0 2018-05-25 21:48:44 UTC 2022-12-04 19:28:22 UTC 104.26.6.72 Unknown ranking
main.exosrv.com (1) 206751 2018-03-28 04:10:16 UTC 2020-03-23 03:33:53 UTC 95.211.229.246
ctrack.trafficjunky.net (1) 27301 2014-03-23 22:43:38 UTC 2022-12-04 15:53:02 UTC 66.254.114.89
dsp-trk.eskimi.com (1) 38619 2019-10-03 08:08:12 UTC 2022-12-04 15:58:19 UTC 34.120.139.69
x.bidswitch.net (3) 286 2017-08-28 15:21:00 UTC 2021-09-28 10:50:41 UTC 3.73.96.152
assets.customer.io (1) 19446 2013-05-31 17:10:04 UTC 2020-05-06 15:54:46 UTC 54.230.111.127
r3.o.lencr.org (9) 344 No data No data 95.101.11.115
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-12-04 17:54:49 UTC 142.250.74.110
tsyndicate.com (1) 13042 2017-03-16 09:04:54 UTC 2022-12-04 18:19:20 UTC 136.243.46.156
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-12-04 17:40:10 UTC 142.250.74.106
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-04 17:12:39 UTC 34.117.237.239
ocsp.starfieldtech.com (2) 6616 2012-06-22 18:08:50 UTC 2020-04-16 20:58:06 UTC 192.124.249.24
us.doctorpost.net (3) 11753 2021-12-23 13:39:49 UTC 2022-12-04 17:15:18 UTC 38.100.129.136
natregs.com (1) 0 2020-12-10 10:33:21 UTC 2022-12-03 18:32:27 UTC 104.26.3.89 Unknown ranking
trc.taboola.com (1) 602 2013-07-11 10:17:31 UTC 2020-03-17 19:54:14 UTC 151.101.193.44
ocsp.pki.goog (8) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 216.58.211.3
my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-12-04 18:38:17 UTC 139.45.195.8
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
zz.connextra.com (1) 14652 2014-03-20 17:05:16 UTC 2020-03-18 19:26:33 UTC 104.85.191.64
casino.cur.a8r.games (1) 336046 2021-05-15 15:15:03 UTC 2022-12-04 19:37:01 UTC 104.18.12.198
cdn.seon.io (1) 212690 2020-04-21 11:37:11 UTC 2022-12-04 15:53:01 UTC 54.230.111.35
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
media.playamopartners.com (1) 417677 No data No data 23.36.79.25
tracker.ads.sportradar.com (2) 41720 No data No data 23.36.79.43
www.google.com (1) 7 2016-03-22 03:56:07 UTC 2022-12-04 17:22:24 UTC 142.250.74.132
tm.ads.sportradar.com (1) 40177 No data No data 23.36.79.43
main.exoclick.com (1) 33599 2015-09-01 10:25:49 UTC 2020-03-31 04:40:59 UTC 95.211.229.246
eb2.3lift.com (1) 402 2014-09-24 15:03:42 UTC 2020-03-13 01:44:01 UTC 13.248.245.213
newbinotracs.com (1) 0 2022-05-09 13:46:20 UTC 2022-12-04 18:55:34 UTC 49.12.123.158 Unknown ranking
dsp-media.eskimi.com (1) 46408 2015-12-29 16:38:43 UTC 2022-01-25 11:30:48 UTC 194.242.11.186
www.cmjdj2smns.com (1) 0 2022-11-28 15:21:05 UTC 2022-12-05 04:24:12 UTC 34.107.199.247 Unknown ranking
ocsp.sectigo.com (5) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
ocsp.entrust.net (1) 1208 2014-01-10 02:18:45 UTC 2020-04-24 21:44:37 UTC 104.110.10.32
track.trackingtraffo.com (3) 0 No data No data 88.214.195.156 Unknown ranking
dsp-ap.eskimi.com (1) 62069 2019-10-03 09:45:00 UTC 2022-12-04 15:58:19 UTC 35.186.201.99
cdn.onesignal.com (1) 3015 2015-04-22 13:41:50 UTC 2022-12-04 17:12:03 UTC 104.18.226.52
track.trackingtraffo.com (3) 0 No data No data 88.214.206.175 Unknown ranking
ocsp.sca1b.amazontrust.com (4) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.110
ws-cdn001.akamaized.net (1) 188179 No data No data 23.36.77.10
www.c9ikptk.com (1) 662324 2021-09-23 19:37:57 UTC 2022-12-05 04:25:48 UTC 34.107.199.247
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
tag.growthbuddy.app (1) 470040 2020-11-30 13:00:05 UTC 2022-12-04 15:53:02 UTC 54.74.8.139
a.sportradarserving.com (4) 2372 No data No data 35.156.160.245
main.exdynsrv.com (1) 91821 2018-06-22 13:05:36 UTC 2020-03-31 04:40:59 UTC 95.211.229.246
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-12-04 17:20:58 UTC 108.177.14.157
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.148.84.125
c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com (3) 580028 No data No data 54.230.111.125
platform.nationalcasino.com (17) 0 2021-05-25 17:20:35 UTC 2022-12-02 08:29:57 UTC 172.67.69.139 Unknown ranking
platform.nationalcasino.com (17) 0 2021-05-25 17:20:35 UTC 2022-12-02 08:29:57 UTC 104.26.6.72 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-04 17:12:40 UTC 34.102.187.140
p.npcad.com (2) 93803 No data No data 3.228.63.1
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-12-04 17:53:11 UTC 142.250.74.168

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-05 2 p.npcad.com/go/89517/482729 Phishing
2022-12-05 2 c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/sealassets/9f (...) Malware
2022-12-05 2 c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com/apg-seal.js Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 34.107.199.247
Date UQ / IDS / BL URL IP
2023-02-03 21:55:48 +0000 0 - 0 - 1 www.c9ikptk.com/LR9KH/BP658/?__rpt=0&__po=30& (...) 34.107.199.247
2023-02-03 19:27:01 +0000 0 - 0 - 1 ef.vpn-content.net/48HP5T/2GMH37/ 34.107.199.247
2023-01-27 19:35:13 +0000 0 - 0 - 1 ef.vpn-access.org/48HP5T/2GMH37/ 34.107.199.247
2023-01-26 19:21:34 +0000 0 - 0 - 1 ef.vpn-access.org/48HP5T/2GMH37/ 34.107.199.247
2023-01-25 23:13:48 +0000 0 - 0 - 1 www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29 (...) 34.107.199.247


Last 5 reports on ASN: GOOGLE
Date UQ / IDS / BL URL IP
2023-02-06 19:33:00 +0000 0 - 0 - 14 robloxjedirobes.blogspot.sn/ 216.58.207.193
2023-02-06 19:32:34 +0000 0 - 0 - 1 sailbiz.it/CATEGORY/NOTIZIE/CANTIERI/ 35.240.72.43
2023-02-06 19:32:33 +0000 0 - 0 - 1 sailbiz.it/CATEGORY/NOTIZIE/ALTURA/ 35.240.72.43
2023-02-06 19:32:16 +0000 0 - 0 - 1 sailbiz.it/CATEGORY/NOTIZIE/OCEANO/ 35.240.72.43
2023-02-06 19:30:55 +0000 0 - 0 - 2 redeemrewardsfreefiregarena.blogspot.my/ 216.58.207.193


Last 2 reports on domain: cmjdj2smns.com
Date UQ / IDS / BL URL IP
2022-12-21 15:22:54 +0000 0 - 3 - 0 www.cmjdj2smns.com/2RSPJ5/NFC9H/ 34.107.199.247
2022-12-05 06:21:27 +0000 0 - 0 - 3 www.cmjdj2smns.com/5LMHK7/2F8LBL/ 34.107.199.247


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-11 01:59:36 +0000 0 - 1 - 0 premier.ctic.com/api/PropertyDocument/Doc?que (...) 52.177.162.127
2022-12-02 01:22:37 +0000 0 - 0 - 2 iplogger.com/2Fp2Y6 148.251.234.93
2023-01-17 05:15:12 +0000 0 - 5 - 0 smart-entry.biz/reception_app/5703e6a2c255782 (...) 143.204.55.128
2023-01-04 11:26:56 +0000 0 - 3 - 2 sportfun.fit/storage/b6f40dfe-2893-4853-b7aa- (...) 104.21.51.194
2022-09-01 15:20:32 +0000 0 - 0 - 4 tiny.one/amoshood-portfolio 104.19.138.56

JavaScript

Executed Scripts (37)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (134)


Request Response
                                        
                                            GET /5LMHK7/2F8LBL/ HTTP/1.1 
Host: www.cmjdj2smns.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         34.107.199.247
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-length: 224
location: https://www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
set-cookie: uniqueClick_2F8LBL=665313c1-982d-46b5-ada0-87b3c3bbb490:1670221275; Path=/; Expires=Mon, 19 Dec 2022 06:21:15 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 3a78fbfd-f98e-41e1-8891-fd694ffce91b
Via: 1.1 google


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   224
Md5:    98dc5549f8849bd0dd9c96b96666f83f
Sha1:   6730ebc5889cf20410c63fb8e05591165afe2960
Sha256: 861ea3a99c3c7e7696eda0cee29372f1deb84715855ff421199c6b69b9a7e0fe
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15523
Expires: Mon, 05 Dec 2022 10:39:58 GMT
Date: Mon, 05 Dec 2022 06:21:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3562
Cache-Control: max-age=104964
Date: Mon, 05 Dec 2022 06:21:15 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:30:39 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 06:20:13 GMT
cache-control: public,max-age=3600
age: 62
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16191
Expires: Mon, 05 Dec 2022 10:51:06 GMT
Date: Mon, 05 Dec 2022 06:21:15 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: XXHcMdWD3ynbXXEGD7a+wljiEwZIb7O5bQe0ghNs0sGD0onVRc+AWSg3K5TMJxzG+z8HjvV7I0M=
x-amz-request-id: MX95V69M17N77ZNW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 05:47:17 GMT
age: 2038
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         192.124.249.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 06:21:15 GMT
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:45:40 GMT
Expires: Mon, 05 Dec 2022 18:45:40 GMT
ETag: "4d1362830a44e7de062fe236f92c65cd3d76acb4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1845
Md5:    6c4f116df5d22b61833802de4b7bc3d8
Sha1:   4d1362830a44e7de062fe236f92c65cd3d76acb4
Sha256: cf7cfab985aa2c89eb86afd91488528ff1a60d9f502fa69e345ded08c55f8b90
                                        
                                            GET /5LMHK7/BP658/?__rpt=0&__po=29&__ptid=4d99df32cf32469a8b2891702a77965e&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1 
Host: www.c9ikptk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         34.107.199.247
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:15 GMT
content-length: 57
location: http://p.npcad.com/go/89517/482729
set-cookie: uniqueClick_BP658=5ff85607-5cac-4aea-9b4a-c22ef9608efc:1670221275; Path=/; Expires=Mon, 12 Dec 2022 06:21:15 GMT; Secure; SameSite=None transaction_id=1ec949192ed44f81aef6a5975ca0a0df; Path=/; Expires=Sun, 05 Mar 2023 06:21:15 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 73298b44-708b-4c05-96cf-3bd95036aa72
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   57
Md5:    fac34a702735ac79294c0ff2645951dc
Sha1:   bb025946516e373af1fb36abe2e300af88fda6be
Sha256: a4cbd7e80e4d2c050331282c60cd52fb8af96d7f86f71c61a0da55d6d1a4e9f6
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 06:08:58 GMT
cache-control: public,max-age=3600
age: 737
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3547
Cache-Control: max-age=99882
Date: Mon, 05 Dec 2022 06:21:16 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:05:58 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /go/89517/482729 HTTP/1.1 
Host: p.npcad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         3.228.63.1
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Date: Mon, 05 Dec 2022 06:21:16 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 271
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   271
Md5:    4a19fe4a9077000c1478b64d9c72d090
Sha1:   cbcaca2e9894ac2dc83519d9a1ac2ac7abab29fe
Sha256: 04210260741006318f6b6f62cc5827aa81273385a54df7517a3e5ad4915d3acc

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D41LfJM056UKviBkAcmOyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         54.148.84.125
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wCiUU3aMDx0k6U9fbg3rwVBBX8U=

                                        
                                            GET /ad/ad?p=89517&w=482729&t=7013e34c5dda52ec&r=&vw=1280&vh=0 HTTP/1.1 
Host: p.npcad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://p.npcad.com/go/89517/482729
Upgrade-Insecure-Requests: 1

                                         3.228.63.1
HTTP/1.1 303 See Other
                                        
Date: Mon, 05 Dec 2022 06:21:16 GMT
Location: http://xml.poprtb.pro/click?i=qQpvL3yuk3g_0#pc224398
Server: nginx
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /click?i=qQpvL3yuk3g_0 HTTP/1.1 
Host: xml.poprtb.pro
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         174.137.133.18
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Pragma: no-cache

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12348
x-amzn-requestid: 72f681ef-9ae7-4fc5-8539-230e1d4277a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKa_HpTIAMFrcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abddf-43ef45165fd982997e5018c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:09:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGsNaADKr1KoJT7rxDSFf8dxM1_IXsaF67Eqe8DIO9PAJy8HtqQKng==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 04:17:03 GMT
age: 7454
etag: "f8d5cc7b315879b66a11b403463da1330617d2fa"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12348
Md5:    b8e6f84dff61fedd8ff9baa9bb648883
Sha1:   f8d5cc7b315879b66a11b403463da1330617d2fa
Sha256: 025c66a4a0e7927353e1733d7f8cfb6ec3c9c0228d34267cbff11f09cf112127
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20370
Expires: Mon, 05 Dec 2022 12:00:47 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vhtd0Bo5kTQySEn0vD_RJin0usoC7GQvK74fhVtrtZNEy64_vrWQNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 30931
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10183
Md5:    99d1ff8fa2e095dcf2bda3d1e1af1221
Sha1:   f914f04a0e1fb45a221d31d2105bfc73015b03e6
Sha256: 90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 29896
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10396
Md5:    24c69d7ef356b352956d6dcbc9f5df1d
Sha1:   2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
Sha256: 94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6034ca-f8c1-4979-8165-5f755e5d12a1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6430
x-amzn-requestid: ae2ec151-d383-4554-9ac2-3d204701251c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ttFDKoAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1324-15aebb1a06253068472a6ab0;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kYXmy10msfeWdDYgvq0PXyGpy9UJyQkSLAhR_Q5PQMllJPXOOTnalw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:53 GMT
age: 30924
etag: "e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6430
Md5:    3c36448c65274ebbe1eb21e3bf02385e
Sha1:   e03cf1c7c2ec15b3cc50d9c54bebbf81aa08cf28
Sha256: 6f17788a394f1305755805a1b92117b1c1a03a1e3a075cb97a0da5184d574553
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b8e1482-c241-410e-81b0-55ea5ac84c98.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7631
x-amzn-requestid: 9fc3a621-dcd9-4332-b085-6cda0cb25ac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUYF2toAMFVkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-36f6c7d67940ed18394328c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dl8jhq0YETppiEYYnJeap1IgU8-xFLAUnsleTdG1EZMwZfHmDaQQQg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:25:28 GMT
age: 10549
etag: "ff7740d3c12ce7ab23291272221c0d9503f9c139"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7631
Md5:    50eeb012f0903f0848c8afcd6b26a7ec
Sha1:   ff7740d3c12ce7ab23291272221c0d9503f9c139
Sha256: f4aeac45941c34d8e0794d20a4bb2658b020fed85c5059f247844f2755bc9d72
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5276
x-amzn-requestid: d337310e-59be-4268-bfd0-8cc4f2c91a11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_soE98IAMF0aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-230591591f8fd0984c222549;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x7xrn7E3aUdw75Br3B_GcqRhg-i5FcqG2NRMo4Pa5VhqjblbsvcgDg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 30782
etag: "2d47af0fb664d9fec52549bb3bdba1dfd8911bb2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5276
Md5:    f0402b0c3474a5bd3b1ba804528b64a8
Sha1:   2d47af0fb664d9fec52549bb3bdba1dfd8911bb2
Sha256: 7f87af77663b8bf22211e135554ada8865cdcf6499e9fcf0f3442b10ca3984e1
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "17D3214DA9FEA9561FD27A58C0FAEC65F3EEF457BA19B64EC231BA42EDEF8CCD"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19101
Expires: Mon, 05 Dec 2022 11:39:38 GMT
Date: Mon, 05 Dec 2022 06:21:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         192.124.249.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 06:21:17 GMT
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 18:45:40 GMT
Expires: Mon, 05 Dec 2022 18:45:40 GMT
ETag: "4d1362830a44e7de062fe236f92c65cd3d76acb4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1845
Md5:    6c4f116df5d22b61833802de4b7bc3d8
Sha1:   4d1362830a44e7de062fe236f92c65cd3d76acb4
Sha256: cf7cfab985aa2c89eb86afd91488528ff1a60d9f502fa69e345ded08c55f8b90
                                        
                                            GET /postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d HTTP/1.1 
Host: us.doctorpost.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         38.100.129.136
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:17 GMT
content-length: 2101
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   2101
Md5:    1bd40e0b9b6337dcf733dff332125f78
Sha1:   ab4d87daa4b7e1405fc7027b239bb66f09c82f1a
Sha256: bbbb083c9a63f397e636e99ad342d0863df5d5de7293707a82ea4e59de0c6801
                                        
                                            GET /postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d&token=ae25410e809a9c53853af30e94e5b1f8&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1 
Host: us.doctorpost.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         38.100.129.136
HTTP/2 302 Found
                                        
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:18 GMT
content-length: 0
set-cookie: platform_user_id=desktop:b9ce734ea0955fdbdaef46d4d37c6039 platform_user_id_3rd_party=desktop:b9ce734ea0955fdbdaef46d4d37c6039; SameSite=None; Secure; Max-Age=31556952
location: https://track.trackingtraffo.com/push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE
X-Firefox-Spdy: h2

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: us.doctorpost.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://us.doctorpost.net/postback/click?key=v2-1670221276426-7-7522-1178228-d3c94a57-892a-ecb4-1a89-2ccec450423d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         38.100.129.136
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
server: openresty/1.15.8.3
date: Mon, 05 Dec 2022 06:21:18 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:18 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=538399,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae4e3c85b505-OSL

                                        
                                            GET /push/c?auth=pz6u78&c=p4ePMSD1V1055MD9FiENofiBrdJGgNMWQmOKO2jAHfEQDjAOGfi-G2DnuQ38-ax7nA0rUR7VkZc-MvWUFrEkxc5D-9n7zmsYF1f9kZOY5K3ySMaYfUS8nVkZV79Qr1UIkt-VvDvI0HfOfRxsHYEWZeAw06BOtis1_pSNXL7QW69UVRII9-usUPGJ54fKQ295hzooTpvMhXPWz28nFkkX1KkcATivt8anRRuZbxcREaQXCfYpSx1eIysgWDfqntvXG07un4rB2r3IZjsfgtWSqgOlkvl7cPbkILbrh28W3fnJ7MUSHao_V6qoD77RqOnWUQqExFOBVbFTR3qY84uGz42VJCkj6cI1nzMvnuN4EWoYx5gq3cYDl7zsYFSc-Kk4cUIeLKcCy8w_U0RKjEWkT_S6whqlaZUTa-vVrOG2DQrZnlDcsVCvynKq81gkuNj3MYH5EfS88rSGT20zhAFlP3s_2Aqva9erVbO7G9i9-a1uDeJRYaWrvcNDK6abpvttk1sTKEQFKUfk-XLk-8zZwz41OPRXCi74tjbvUlJVIjxH2pg40zC79yvoIHQLtIJjSgi74qbTmsROrQHWioeA0VevqSdHONl-Mx1vUsI2I8ASIhlCefekwrtxGBSFumdYfmixw8D11ayXfmX-xcVo7d5LAGagw7OVT4VQ044PB93Tf90ko9WEfeUgtZBwK6PmqYpSYWajSGGwY23pB3KTLAy8qMq_M5T4pF8sddVQFMFCSJrLg5JPtYWTrL7SdROrP-Gcynt4OMun6VKumLIPP2RTS9esoWB3I7EIwy_xRP6cGHyQW1hPiEdl8aE HTTP/1.1 
Host: track.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         88.214.206.175
HTTP/1.1 302 Found
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://newbinotracs.com/click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage

                                        
                                            GET /redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1 
Host: media.playamopartners.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         23.36.79.25
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
content-length: 0
location: https://natregs.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 05 Dec 2022 06:21:19 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 05 Dec 2022 06:21:19 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a180698%2c%22BID%22%3a2036%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670221279095)%5c%2f%22%2c%22CookieTag%22%3a%222036180698451240919C2022125621%22%7d%5d; SameSite=None;; domain=.playamopartners.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22935266510%7c1%22%7d%5d; domain=.playamopartners.com; expires=Wed, 05-Dec-3021 06:21:19 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=35
X-Firefox-Spdy: h2

                                        
                                            GET /promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1 
Host: natregs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         104.26.3.89
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:19 GMT
location: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5jl6XUpiIewZLCBP%2FDczWCfyf%2BuAL%2BWuAlthn3M%2FJVdu51ca89k0GXmgg9CHiajyhpBImUNHEAwp%2BVT5eim8j9zwUHMPkw5IP4I5wptbhCtqS4vJYTuLRwViuwS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5318131c12-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /images/nationalcasino/to-free-spins.png HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
content-length: 81509
last-modified: Tue, 29 Nov 2022 08:47:00 GMT
etag: "6385c704-13e65"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtYp%2BLRvMZgI9BPgYNyOrwlJH4LIm3KkjvXIbr%2BW38g0BQcMJIRjb5Q6kgfG4FE6c6T%2F1Pm6XYDGxULtWD4aqdAA%2FAQDtYvmBpThAs5pbv2b5sslrJIfsZYQW%2FBp%2FgPV4TSM1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7eb4f1-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 229 x 252, 8-bit/color RGBA, non-interlaced\012- data
Size:   81509
Md5:    e0be4af2aacbf64c71ee26fc8b66725a
Sha1:   45cf83451434c81703c2afb6504f9875b86465ce
Sha256: 21cc5a719c7133bcf4af5d5cc1d34ae3dfb39cbe56a84796ed4a5ec013f08961
                                        
                                            GET /images/nationalcasino/to-second-deposit.png HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
content-length: 69995
last-modified: Tue, 29 Nov 2022 08:47:01 GMT
etag: "6385c705-1116b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OhfCghzi88mYMoMhNg8LgWOk%2BTjbS%2BAxPP9oSzvMV3Hljbq%2FTL04RKhDxCG2amFOt9TfnaW3oRq13hagQfBGWASsYhG6tL1y5t2uCER3xZZnj1dWIiVMn3fquhKelqGpmhdjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d82b4f1-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 229 x 252, 8-bit/color RGBA, non-interlaced\012- data
Size:   69995
Md5:    b718e1f10040c23b73f9e134b195596b
Sha1:   4949443c575ad1f39ece00361f798a3b4d4ccf43
Sha256: dfd48f8f478eea34526e35d0d582d5055a28b4e5b54c31196957f178cc28293c
                                        
                                            GET /images/nationalcasino/hexagon.svg HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Tue, 29 Nov 2022 08:46:55 GMT
etag: W/"6385c6ff-3ab"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V39UJMn3HmuErrbbe5q6%2Fub0gRD%2FeJIHTb4DeVByoYtCsfsNeNOVriKyXpKg5zM%2F%2FXB0rO1fczm3nQ1JOnu%2Fb2hn1oduVmWqRngHhcPwkK40xCzTMMb2b4POSBNKTZHMJ4IMpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7cb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text
Size:   727
Md5:    afa38dbcf0664cdd5cb0e9c701069dda
Sha1:   161e72c10210ed4d76268ee958919d7c70515a15
Sha256: cad932d91e2b4fc8f025acbda3e29329581f59bec4dcb048297c455da32034a8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2489
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 06:21:21 GMT
Last-Modified: Mon, 05 Dec 2022 05:39:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /images/nationalcasino/hexagon-active.svg HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Tue, 29 Nov 2022 08:46:56 GMT
etag: W/"6385c700-4a0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XcPfm4wUQhs9m1cutZ13tK%2BwEVJ83VSenoKaNn0ONMgcVSWhBN9qIgEsJoVL115a%2BmNTyQpBcGdnVVy%2FZZ44pFOHs%2FMzbTu03X1S1rsJLAZC4%2BgL6xDqpZ8wrQxN%2FqQfmnP5tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d7db4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text
Size:   1036
Md5:    207052c0e33283200bfd095c286efd1d
Sha1:   f9d73e35069efdf12194bf959aa98b27c96e78fe
Sha256: f1a2b58abaa880a02c7986b401b41668918f18102a95fab04069f905c16adefc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131639
Date: Mon, 05 Dec 2022 06:21:21 GMT
Etag: "638ced18-1d7"
Expires: Tue, 06 Dec 2022 18:55:20 GMT
Last-Modified: Sun, 04 Dec 2022 18:55:20 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _UslGYBxro1Z-cgpsv5NZQoGLY7_W0X31EExwIJnf9J72JaXZeC4ig==

                                        
                                            GET /promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3 HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         104.26.6.72
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:20 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
set-cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=none
set-cookie: subid=ecc41gxqdibgxlp5b3; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=none
set-cookie: utm_campaign=Ubidex-National-Ksenia; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
set-cookie: utm_medium=Ubidex; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
set-cookie: utm_source=retargetvr; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
set-cookie: utm_term=Ubidex-National-Ksenia; expires=Thu, 05-Jan-2023 00:00:00 GMT; Max-Age=2655520; path=/; secure; samesite=lax
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7keecFm%2B%2Fp4qpxiZNe26Y5%2FTDnLRhvfu4NiFG1lhkD0MFADSS5rfOkBc9ZK9s1rw1%2BuKK7rmdR%2BZ3Kk%2B7uOM3NqZ2jq5je5CI%2BqXJnCWm4%2FCAT8ymvrPcrBnRT%2FHkJcjq%2BoqJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae58d87ab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14545), with CRLF, LF line terminators
Size:   368002
Md5:    d25c86eb7b32af611548fbc24d29e3b0
Sha1:   0af0fa4d711d16a54770af8814059d0d83955d6c
Sha256: 445e14150d10c79ac5e46d7d948380a2a29e24441460171741781559e79dd548
                                        
                                            GET /assets/loader.gif HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
content-length: 542186
last-modified: Thu, 17 Nov 2022 09:01:29 GMT
etag: "6375f869-845ea"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwvkh5bnbZVGJPZ6BWpfGVbmPVdeZhB44i1pN9cjT48dd6P%2FUi8U9ZB%2BRv9osNA16cg5lHhlhEHptNBTctTOlB%2FcJWBT1LJDrrJQ0MQVnPHWRs8LFKdxFkFtYvpjicFDwWFLrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d77b4f1-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 500 x 500\012- data
Size:   542186
Md5:    a878deec794465582b3e94fea2d33da1
Sha1:   dc9039cc6aef4728917b406b73a7203f8f6810f5
Sha256: b5712905b34bf0e84bfbeca1e23318d614c2d827bef77fdcc7c6792f9aa75496
                                        
                                            GET /sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3BhY2VyLXNwcml0ZS5wbmc%3D HTTP/1.1 
Host: c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         54.230.111.125
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 95
date: Mon, 05 Dec 2022 06:21:04 GMT
x-powered-by: Express
cache-control: max-age=1200
etag: W/"5f-NEKpX+iQzkdps2suzGEbgBpUz7U"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 774aadf6581c9b7a-FRA
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pOX0yglFXcT6GjXpOdTMLPmnwvbu9uN72tjoTyBqGQbuRkJW99nfIw==
age: 17
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size:   95
Md5:    9591c410148e6883727c5339fd1c02cd
Sha1:   3442a95fe890ce4769b36b2ecc611b801a54cfb5
Sha256: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /sealassets/9f360a50e1f27bc3f2552c00d6f1ff33-nationalcasino.com-f5faf6d82a7be2057527120fa49724355adf2a8c973918d432fa7b70160234e717ac6b01358f27fc0aff52358b79fb11-c3ByaXRlLXNlYWwucG5n?status=valid HTTP/1.1 
Host: c4457c89-e5ba-4d22-92e5-c2959310ee85.snippet.antillephone.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         54.230.111.125
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 49397
date: Mon, 05 Dec 2022 06:21:04 GMT
x-powered-by: Express
cache-control: max-age=1200
etag: W/"c0f5-y5nfd/SGXZwvKHU5pcpHTPdvfQk"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 774aadf66c779072-FRA
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TihTlI9Fx7mrSIBTMVjcEcLg-VihyBvYKXNMW2KO0AvWpwqfTCrioQ==
age: 17
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 512 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size:   49397
Md5:    8ef6782be55b8ce8f5b132d28af8e0d0
Sha1:   cb99df77f4865d9c2f287539a5ca474cf76f7d09
Sha256: d614922fde9604f8899e47f3cc3d69bf952312b996f7cf1421163996710850fa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/js/app-692ed3cf06.js HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Tue, 29 Nov 2022 08:46:58 GMT
etag: W/"6385c702-4bd"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3994
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9brWIFM5xB%2F4jE9VKx5pIisUVN6Xse5v12yrkmR3Ad3y2T5cUJqD0VkapFylC9u%2FOiGprRxnaPaQHGgNe4FQAk14cp%2BPGBFo1gdlx6Z8XpUeQ7AA%2F0vgfVDwQVilzlgef0d%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e9d83b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1212)
Size:   878
Md5:    b0380fb1c37f5e9cdd3b331cd2a86df1
Sha1:   1eace06e05caddeed3f1b8dfa901e96fbf54365b
Sha256: 6aefb24c8f289d49fe10a512fe6d4886915d8746b16b43e188d80b001811ea95
                                        
                                            GET /gtm.js?id=GTM-5PKWDCC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 06:21:21 GMT
expires: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58045
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18156)
Size:   58045
Md5:    e8da1bcd6a87d8a26b1454041af8e950
Sha1:   34f5ebbedc3d576b2ff828c60ae89f6471059f91
Sha256: fdcb51d880829dfe7fbb37f932765cf2d7dd671e3bc1cac0e314e904dbd8ad6b
                                        
                                            GET /api/translation/get?locale=en_GB HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XXmNJGXcWmYdGp7cwdSzmp9jkK%2FAXShgZ6wT3VHaTiISvubq5pYcLa0og2b9OiPlS8S76THgSXvxUFlWS%2BXw19wWjT96QgjkkYhC1QhCDW2%2B8Z%2FHNpa4IWlFrV1674fBUdhpjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5fee71b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   36237
Md5:    27925a764a731356638a59e29575cfb0
Sha1:   012d874a7c8cadaa8a87cb963f07395172b08349
Sha256: d57a5c58b115ea023640764cfa966bd92b698cff28de67cf76e6d713ad193482
                                        
                                            GET /7693683943e78a298c36d469e68b47d8/widgetloader HTTP/1.1 
Host: ws-cdn001.akamaized.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         23.36.77.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
content-security-policy: frame-ancestors 'self' https://st-cdn001.akamaized.net https://ls-cdn001.akamaized.net
cache-control: public, max-age=120, stale-while-revalidate=60, immutable
etag: "9bc46328338c378d30894ab4a4e7d934-a036221ef5aef4e01862643812dd55b7"
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
x-ing-v: 2
content-length: 59719
date: Mon, 05 Dec 2022 06:21:21 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40931)
Size:   59719
Md5:    cdcde21489dfe097a97d7ceca71511ec
Sha1:   b5bc41388b923e53de0dced81c8fb96037c82d3f
Sha256: 4fddf93389fe6a88a10f8ccbbae9a446c6037b0b3a3697b7229f68bcfcbf33a3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /dist/tag-manager.js?id=STM-AAAAJE HTTP/1.1 
Host: tm.ads.sportradar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         23.36.79.43
HTTP/2 200 OK
content-type: application/javascript
                                        
apigw-requestid: cqMYpju_joEEP0A=
vary: Accept-Encoding
content-encoding: gzip
content-length: 37421
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: max-age=900, public
x-n: S
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (62053)
Size:   37421
Md5:    1b74a323a6c9676fa834d847cb5bd06e
Sha1:   c8603041e50a01e33bc845ee3868d9f126bd5750
Sha256: 5957cb27076f020f007da89bf019bb69f3c97944e79244106f495055d3e2c3bb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /dist/tracker.js HTTP/1.1 
Host: tracker.ads.sportradar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         23.36.79.43
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Wed, 20 Jan 2021 14:51:32 GMT
accept-ranges: bytes
server: AmazonS3
etag: "5ff82a1c468a89919e9437d33e0402cb"
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: wuUbQUm4iRwa8A6rowGJaB64BSa2kYagE-KYpU8ZocYAfhri6NZQJQ==
vary: Accept-Encoding
content-encoding: gzip
content-length: 11553
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: max-age=900, public
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (34755)
Size:   11553
Md5:    b34b13d85152f71b7fd15289c78c0583
Sha1:   0bb20191b022bbd0e75f2bbce7f6332886079c2c
Sha256: 7a3fc57394ecc6745eb6e18745aa1e5e5d05cb2237c4d0d754ab43d33863a84c
                                        
                                            GET /dcs/tagController/tag/9074f6689420/homepage HTTP/1.1 
Host: zz.connextra.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.85.191.64
HTTP/2 200 OK
content-type: text/javascript;charset=utf-8
                                        
content-length: 16260
server: istio-envoy
content-encoding: gzip
x-envoy-upstream-service-time: 3
cache-control: must-revalidate, max-age=283
expires: Mon, 05 Dec 2022 06:26:04 GMT
date: Mon, 05 Dec 2022 06:21:21 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  exported SGML document, ASCII text, with very long lines (2407)
Size:   16260
Md5:    05569639dfd76435e28a430931df309d
Sha1:   969971e3a0b9f4fdb73349ef05e2f2d5cebd43fd
Sha256: 117b615980a24bd158212bdc6ad7ef71dfd2e9d332b95c9058f5245a53d48d04
                                        
                                            GET /dist//sp-2.14.0.js HTTP/1.1 
Host: tracker.ads.sportradar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         23.36.79.43
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Wed, 20 Jan 2021 14:51:32 GMT
accept-ranges: bytes
server: AmazonS3
etag: "8dba669b94e3865c9205ef8fd15ee4d1"
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: QbMscScT1eq1WbZN7BMfomOBrf6_dxzxBPAGv4Nnw-yYsUMIK7g4mw==
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 05 Dec 2022 06:21:21 GMT
content-length: 30370
cache-control: max-age=900, public
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64903)
Size:   30370
Md5:    44f237857b8d03f32b53fe551e83c95a
Sha1:   91536fe6c60d947d29dfcb5f04d09b752b5ccf03
Sha256: a5e10dc2f3c729300afe8fe24aa430f57d91fdefa8112c0b35dd424ba612caa7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:21 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=538396,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae634ba9b505-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "29F8E17F8D44305A732EA874A9C9F7478B641536F478DDA05D4C9668C56318CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 05 Dec 2022 12:21:21 GMT
Date: Mon, 05 Dec 2022 06:21:21 GMT
Connection: keep-alive

                                        
                                            GET /configuration.js HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
x-powered-by: PHP/7.4.29
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEEQhkLFuX8GeTGdRFDTstcV%2FFnx6LkOLiZmjcFVNdW%2BMcN7uRvhU5sOXWBlNvyROqk9xx1b%2Fx17AgvTDPY3b12U65nde78htBtzaoxGBLMgkJV2MAR63bamR59juGnqCcoYIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae5e8d75b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2366
Md5:    70f21f68adf687ec2e1c31ed45d7d79e
Sha1:   818895e3cfe3f7d4e2990bece596e942e783bcb0
Sha256: f014cb247ec3c13ff5f96fe92e42eab23fcbb12b3b356b19e35d93cf49f50588
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "86E3988110C767C4E0D360F39C8E001A2521252B176CFD5068E0D028B88BF000"
Last-Modified: Sun, 04 Dec 2022 18:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2557
Expires: Mon, 05 Dec 2022 07:03:59 GMT
Date: Mon, 05 Dec 2022 06:21:22 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    25a635474ad0528855d5feb675c78d7a
Sha1:   dac56f1278c5c3de424caae74075268bcd433e09
Sha256: 86e3988110c767c4e0d360f39c8e001a2521252b176cfd5068e0d028b88bf000
                                        
                                            GET /pixel/js?auth=61xu7tg&event=visit&uid=undefined&tid={TRANSACTION_ID}&cur={CURRENCY}&amount=0 HTTP/1.1 
Host: track.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         88.214.195.156
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:21 GMT
Content-Length: 488
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT


--- Additional Info ---
Magic:  ASCII text
Size:   488
Md5:    b09c2e73a7acd36e1b90f7815a3343ae
Sha1:   cf4d0cd5eb6a4dd17ddd38a5d1f926a80ede1afa
Sha256: 3deb4bbc40839f8350713d15007765a261b7e3bf72229de5d07172e53bd93ba7
                                        
                                            GET /pixel?type=js&aid=1186&id=2527 HTTP/1.1 
Host: a.sportradarserving.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.156.160.245
HTTP/1.1 302 Moved Temporarily
                                        
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://a.sportradarserving.com/ul_cb/pixel?type=js&aid=1186&id=2527
Set-Cookie: zuuid=8e737555-b7d3-4f2e-9399-88bfcd9b01cc; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Set-Cookie: c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Set-Cookie: zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId= HTTP/1.1 
Host: a.sportradarserving.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.156.160.245
HTTP/1.1 302 Moved Temporarily
                                        
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://a.sportradarserving.com/ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId=
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /tag.js?id=DV-94905054618481252564 HTTP/1.1 
Host: tag.growthbuddy.app
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.74.8.139
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
set-cookie: INGRESSCOOKIE=1670221282.94.114.272232|5f2e1b57d78510d04b0cf9036879032b; Path=/; Secure; HttpOnly
vary: Accept-Encoding
cache-control: public, max-age=7200
x-content-type-options: nosniff
etag: "1382-negDj3/q3mLK2bONN/3hDb5WPZA"
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4966)
Size:   1969
Md5:    77250bb669dd70cd2fe52425cdf32f60
Sha1:   5072d868cd6cbaa2acdb59f63d108d3421986905
Sha256: 8417f5c374a8a38f5e35d77b2617f810512bb5fbd2c3e5f6875ddfc273cbdd52
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "18D3562684C32ED7B8D7CF02C853D8F1F08BF1074151891D9B756D14FDDDFA1F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4374
Expires: Mon, 05 Dec 2022 07:34:16 GMT
Date: Mon, 05 Dec 2022 06:21:22 GMT
Connection: keep-alive

                                        
                                            GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1 
Host: main.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.211.229.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1 
Host: main.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.211.229.245
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /pixel?auth=61xu7tg&event=visit&uid=undefined&tid=%7BTRANSACTION_ID%7D&cur=%7BCURRENCY%7D&amount=0&site=nationalcasino.com&ln=en-US HTTP/1.1 
Host: track.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         88.214.195.156
HTTP/1.1 200 OK
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT

                                        
                                            GET /p.js?f=sync&lr=1&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   697
Md5:    75aab9dd0a7f76694ee9776060328c6f
Sha1:   2d065592c944cc0051b095a6ba50c7377150e7d5
Sha256: f33a2e591fbcfbb60dd31d6f3078dc14bc068aa1d7372b9708514ad44cd71df7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.110
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 04:41:08 GMT
expires: Mon, 05 Dec 2022 06:41:08 GMT
cache-control: public, max-age=7200
age: 6014
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /ul_cb/pixel?type=js&aid=1186&id=2527 HTTP/1.1 
Host: a.sportradarserving.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; c=1670221282; zuuid_lu=1670221282
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.156.160.245
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_k=1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_k_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure cm2=!bidswitch,439550482; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure bss=!bidswitch,439478482; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 1843
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1843), with no line terminators
Size:   1843
Md5:    1ef72dd9c3b199c0c62cf5988a681aab
Sha1:   2267bb7034ea61a4b4aad465111a7b504662b1a9
Sha256: 6ef6a92145c6632d63b851c20f5cc7d32c4b75bea38e3122fddd8545290b0ab3
                                        
                                            GET /ul_cb/sync?source=sr&redirect=//echoback.ads.sportradar.com/echoBack/_adsCookieSyncCallback?userId= HTTP/1.1 
Host: a.sportradarserving.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; c=1670221282; zuuid_lu=1670221282
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.156.160.245
HTTP/1.1 302 Moved Temporarily
                                        
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 05 Dec 2022 06:21:22 GMT
Location: https://x.bidswitch.net/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
Set-Cookie: zuuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_k=1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure zuuid_k_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=sportradarserving.com; samesite=none; secure
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1 
Host: main.exoclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.211.229.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 104
Cache-Control: max-age=115874
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638caf1c-138"
Expires: Tue, 06 Dec 2022 14:32:36 GMT
Last-Modified: Sun, 04 Dec 2022 14:30:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 312

                                        
                                            GET /tag.php?goal=d23417ed7e786d7f8227d25b45f72bf0 HTTP/1.1 
Host: main.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         95.211.229.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 05 Dec 2022 06:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A90552%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-12-05%22%3B%7D%7D; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /assets/favicon.png HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.1.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 22994
last-modified: Thu, 17 Nov 2022 09:01:23 GMT
etag: "6375f863-59d2"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJZzTBbcHQG40rtYjJcqKtjXv0Jag7CfkCU4OXOr0g1OB%2FmyVn%2B3zk9tU55FzwHQV4P6op8Odb82fmxiF5DZsH%2BQJfclF%2BUMplpgQGpLBZoDlp%2FXy%2F3vAxmNV0ScIet0bpCCnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774aae679b8cb4f1-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size:   22994
Md5:    f649afc10275f1cbfcd434396290b1b3
Sha1:   01582644cb47372037afd0942cc63d52d71fae41
Sha256: d3a98485a8766e2cabc7b9cd05166a3dd9d8ec8eae6ef0b2a93afd6ae19e7a14
                                        
                                            GET /ctrack?action=list&type=add&id=notregistered&context=National&cookiename=notregistered&age=259200&maxcookiecount=10 HTTP/1.1 
Host: ctrack.trafficjunky.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         66.254.114.89
HTTP/1.1 200 OK
content-type: image/gif
                                        
server: openresty
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Secure; SameSite=None tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Secure; SameSite=None 04acaa237b5a69118d03403dbe7a25f9=notregistered; Path=/; Domain=trafficjunky.net; Expires=Sat, 03 Jun 2023 06:21:22 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
x-request-id: 638D8DE2-42FE725901BB4A56-28BC8F06


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /api/v1/retargeting/set/549f8e4e-78b7-4c4e-b846-357584a8ff56 HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         136.243.46.156
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 6160188f7d732884
set-cookie: ts_rt_549f8e4e-78b7-4c4e-b846-357584a8ff56=AAMC; expires=Tue, 05 Dec 2023 06:21:22 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /1460267/log/3/unip?item-url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&ref=https%3A%2F%2Fus.doctorpost.net%2F&en=Nationalcasinocom_notreg HTTP/1.1 
Host: trc.taboola.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         151.101.193.44
HTTP/2 204 No Content
content-type: image/gif
                                        
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Mon, 05 Dec 2022 06:21:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670221283.708109,VS0,VE89
x-vcl-time-ms: 89
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae69689fb505-OSL

                                        
                                            GET /tracking/cssession?tst&id=22441 HTTP/1.1 
Host: dsp-trk.eskimi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.139.69
HTTP/2 304 Not Modified
                                        
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
date: Mon, 05 Dec 2022 06:21:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 06:21:22 GMT
Last-Modified: Mon, 05 Dec 2022 05:21:31 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 21Cdt6EL9P0PnNOTiFGEdQiyo7kCxFQXhrP0v-0sn3kJ-4wUEAFPLA==
Age: 3591

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:22 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae698e141c02-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v2/gtr?id=22441&url=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3&t=1670221279986 HTTP/1.1 
Host: dsp-ap.eskimi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.186.201.99
HTTP/2 200 OK
content-type: application/json
                                        
set-cookie: __eConsent=1; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Max-Age=2592000; Domain=.eskimi.com; Path=/; Secure; SameSite=None __eDId=02dfbb55-bdba-44b2-9f4c-85c73054a3ae; Expires=Wed, 04 Jan 2023 06:21:22 GMT; Max-Age=2592000; Domain=.eskimi.com; Path=/; Secure; SameSite=None __eP=1; Expires=Mon, 19 Dec 2022 06:21:22 GMT; Max-Age=1209600; Domain=.eskimi.com; Path=/; Secure; SameSite=None
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
cache-control: no-cache
date: Mon, 05 Dec 2022 06:21:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- data
Size:   587
Md5:    4e3df4cdefc15442ae3d360874b78758
Sha1:   ef47fc6370731056f1c8248d1f095b72c50bfa9f
Sha256: e1fa291b1a09c59cee85db73b06eb39a9ec74cab695e58fc9fcc56c7c98bf3eb
                                        
                                            GET /sdks/OneSignalSDK.js HTTP/1.1 
Host: cdn.onesignal.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.18.226.52
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1525
expires: Thu, 08 Dec 2022 06:21:21 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 774aae5ed859b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9097)
Size:   2866
Md5:    7c950e51f0a1f2591ae7de2bba9bad23
Sha1:   9afd5094f767c3f19df0d56f6f906cd955594d88
Sha256: d4fc7f55bcde348fd6b20c8dafaa25be06f8b03227e4dfca11e6d35e62f92bf4
                                        
                                            GET /syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e HTTP/1.1 
Host: x.bidswitch.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nationalcasino.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         3.73.96.152
HTTP/2 302 Found
                                        
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/syncd?dsp_id=409&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&redir=https%3A%2F%2Fechoback.ads.sportradar.com%2FechoBack%2F_adsCookieSyncCallback%3FuserId%3D9124af7a-5a9f-4371-8a5c-2f6dac73c33e
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=202be5d2-d787-4ebd-8455-362d9ea454e1; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure tuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2

                                        
                                            GET /xuid?mid=7963&xuid=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&dongle=3oy7 HTTP/1.1 
Host: eb2.3lift.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         13.248.245.213
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2588
Cache-Control: max-age=96403
Date: Mon, 05 Dec 2022 06:21:22 GMT
Etag: "638c5959-1d7"
Expires: Tue, 06 Dec 2022 09:08:05 GMT
Last-Modified: Sun, 04 Dec 2022 08:24:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D HTTP/1.1 
Host: x.bidswitch.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         3.73.96.152
HTTP/2 302 Found
                                        
date: Mon, 05 Dec 2022 06:21:22 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/syncd?dsp_id=409&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&user_group=2&redir=%2F%2Feu.sportradarserving.com%2Fbsw_sync%3Fbsw_uid%3D%24%7BBSW_UID%7D
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=37659f5f-2614-4807-9876-c83cddd71114; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure tuuid_lu=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure c=1670221282; path=/; expires=Tue, 05-Dec-2023 06:21:22 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2

                                        
                                            GET /app/vendor.7443690a9a6ea18c.esm.js HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Thu, 17 Nov 2022 09:01:28 GMT
vary: Accept-Encoding
etag: W/"6375f868-35b744"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFHDN3D1NEvdUqCwResAzu7Xlv2DfwCL90c3ocprcjYmSrz4FO6YlHx0Gs5FuJCTWl2qs0A5PYRtnZZ6SCisG4Tive00LBRc8PTQeIV4xtRhufVcz5Yuy%2BR%2BGlEKzHxNfUdDYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae626834b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   698895
Md5:    5323b5f8de31a49f6c6a3967c1e56a8a
Sha1:   7df58c0abb7638c2a013a360d9fe84719323a1b7
Sha256: 090330cf4dbc1a66411d6b97bf6617d25ab7ffe052b39fff7b7f48de0421fb2c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:23 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=415525,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774aae69996a1bfa-OSL

                                        
                                            GET /sync?dsp_id=409&expires=14&user_group=2&user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&cb=3760af98-0439-49f1-999b-0a98403fb945 HTTP/1.1 
Host: x.bidswitch.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         3.73.96.152
HTTP/2 302 Found
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
content-length: 0
cache-control: no-cache, no-store, must-revalidate
location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=9124af7a-5a9f-4371-8a5c-2f6dac73c33e&seat_key=409&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/api.js?render=6LcIXVIiAAAAAOSkusfnmE4Oe97qAFgJYg71vdQc HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.132
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Mon, 05 Dec 2022 06:21:23 GMT
date: Mon, 05 Dec 2022 06:21:23 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (884), with no line terminators
Size:   584
Md5:    cb83e4684bbb5f087a80e28b6803a57f
Sha1:   38b1365e1b6e709c4d265819410f391aec084ed7
Sha256: 7a797e09f2abb77770e0ed24eb303039439404984775ae7dedeaa067f470d8de
                                        
                                            GET /img.gif?f=sync&partner=8085a55cc8720072416da5835af0ec0fab6b176a2deb4185f40aade2c7db9f90&ttl=&rurl=https%3A%2F%2Fnationalcasino.com%2Fpromotions%2Ffirst-deposit-bonus%3Fbtag%3D667497_8E81AF21C4D04AC49975CDFB0D1FA21E%26utm_source%3Dretargetvr%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-National-Ksenia%26utm_term%3DUbidex-National-Ksenia%26subid%3Decc41gxqdibgxlp5b3 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Mon, 05 Dec 2022 06:21:23 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b5b5d7581c8946c582f3e162b12fd847; expires=Tue, 05 Dec 2023 06:21:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-189011525-1&cid=1087109354.1670221279&jid=1850108184&gjid=964405871&_gid=293443561.1670221280&_u=YADAAEAAAAAAACAAI~&z=1348590225 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         108.177.14.157
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://nationalcasino.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 05 Dec 2022 06:21:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         216.58.211.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 06:21:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            OPTIONS /api/v2/casino/producer?is_desktop=1&is_live=1 HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdtZPC4U1Yo%2FdIzHxA1lBZW282n6oZwXXypyM3sZt2MRaCMGRqTAl4xF8bElITLimYMz11R2KaRQCwJsOuZlzU69B7RDEFoAVQNpfD3xEb58bzyGIdShNB4OtPGAXG0c2xrO%2FwJeghLM4YFrxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6844fac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/v2/casino/producer?is_desktop=1&is_live=0 HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhCI8MvitSJW9e471GhHTHuDp3oGFq10d29uUBWYJsnstmeB%2F%2F4csTSfLE092nXBlzihX33KIRcXHofkkrCsJP%2FRmemF9f6rjpul7mcGaYZxJBsHQkY6VHnwscjz5rzWTisqKmNRpamxG9rGCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d884efac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/data/get-currencies HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n99STN4MYSfrdMDZsKGpQLlMOIuqosrn%2BNfqRvwrj01woyCWXauhi1ktehMFTlA47YLorX6ktth1T4MzR6OxzrPAqIFRSgnPKFkDSGAiAa7AjRPAK4eYobDkwnN%2FFnWMFpYrcY36iwIcmz2VMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d784afac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/v2/ip-data HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjdBRrtS9ORcWB0Migb2sYzWDbMG17nOvrBnZA4abpvTRnV0bnPrWU4M%2FSk8az7zRvI%2FXKyBq%2B7YAMwZoDQC9y3FcotK%2F4YhQYZ%2FjO%2Fh3x0j2cYCDfYuOP9idOzFky9%2ByNBrT21JLc5r6g8dwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6842fac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/v2/casino/category?auth=false HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXVbLeYsTl90NrLMOd2%2B7M9Ac7v86yIYe5F59F2XpXw71XFtA9gvW63xQer%2F%2Bkn%2B6IRkpr6zFEXxrohiugQe2OVDFvTrIRHVTptPeNnJt7iqnXwjxffv%2BRPZEjjAV7ZTsq4LKpTzRFcN2RZjkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d6845fac4-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /api/promotion/list?onlyPromotionType=0&lang=en_GB HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SMC3dsKIeLWIct1c%2FdrI7p7Estox95mXVmp61x%2BIbmqa6zd2zW0wk7c%2FF6OatJ4oEfSPzELnWDUC8Ag5m26NavxsuZy0xcdehpwNqSNzMKR%2BQvHczGfX96fS%2FfFIyw76r%2FDhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6bdea9b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (9201), with no line terminators
Size:   1914
Md5:    564d8483a6cc1d3aa35433e68612bc7a
Sha1:   1736bee49705561e95405c1dd31d54ab33cca2a7
Sha256: d86f7b752c09fd1cf5126d91633d3346cf276c3af0d043ac4cabed93071e0baf
                                        
                                            OPTIONS /api/data/provinces HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stKkMIfX%2FGaPGAeV3pReOk7iATlyI5bRj%2B0gFkGrktl8gEQ4TIPoGtJ%2BBXqscQMhPvrHUtHO%2BM%2FhYxyqYzVXyPn5nNlsRkI%2BEQ0LY%2F4dIdf1eboq8ZgxiD2QWya57OZG%2FHGaU4hPhE51nlVsUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d784dfac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/v2/configurations HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpNUTf3JBV3v81CHua3EHX4uJQq%2BbcJ7IdGoYB%2F0gTIHLwz0KRh7LWz9Dukm%2F%2F0kYlibQ%2BdZsgdc3K9fJmR%2BbghEE3vm6G5jLE%2BDoV%2Bl4bhpwzBu03I7rt4nXeU1U2xNXCc7udHuZidj5lpWeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d8851fac4-OSL
X-Firefox-Spdy: h2

                                        
                                            OPTIONS /api/data/get-countries HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: client-timezone,content-type,x-requested-with
Referer: https://nationalcasino.com/
Origin: https://nationalcasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

                                         172.67.69.139
HTTP/2 204 No Content
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
access-control-max-age: 86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FO8imQTuKdju0YrvjqWsV4X%2BYb12T74Q8EJyeO7n2v%2FNxqYQgbyrdG5FS%2BXmQyzfmlI85mH%2FVyqbpNXnPaXBtVRdsPCRzN2NTutMQywSmBHVZ6ndQuN2slD4e%2BNnIjbFsyHT9qHBXJIC4Wbx1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6d884ffac4-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /api/data/get-currencies HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daQdGksT1xL5NIPwkuU6SFLLaRw4MqhyJbEY%2BSbnpTog4K2c2VChfy2KzhxU2BtfBJd1YfTkFPAne2UZuHiYDPJYuyY3Ak645f6PnDvOKMDN8Ksd0vOTJBbdvu1bGg%2FQ9JZWnaekRFCAcLMsSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e585fb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (10236), with no line terminators
Size:   163972
Md5:    b9e82d0788cc5ca139921e7ac8510cd3
Sha1:   39b4479648aaf2406015b47e7cf4366d0d0a5273
Sha256: f5123108a5a81358334ed8b37acc16f05e5e01af535f6edc4f1d36c0b2a52da2
                                        
                                            GET /api/v2/casino/producer?is_desktop=1&is_live=0 HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdytJRx4kvEuHT1P87x%2BQhAvMb6QjfwVZKSGTC0rw6pRAOdea2ea%2FfN%2FpDXNHFcIHYLiuhgwsnKzBId0pycrZLPx%2BBbUY%2B5FXBrSbHDRV1Jpr8WV7hTZLLJu3vQu3mY6BhSq6n3YiRTL1HaZlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e485cb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (34660), with no line terminators
Size:   3140
Md5:    a6c25ab847b42fd10f2d677f0152abd5
Sha1:   b68386807a60c630e98fc2a7fcd314da0c71a223
Sha256: 11d93bb3692fa47a0e352f6509db2c7b6e7e42b27c13fc37514a9cc1db559b5e
                                        
                                            GET /api/v2/configurations HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JRxqr6Ob2wT0syGWDUFftCmkNvQml3tJN6NiDTHVG3SHCfhQWhIZauG%2FwJ3gnp2Hsz6RAdWNsYjDzR%2BSEDQ7jka7VqsXqZB%2FzTkLIuLbCSGdyYNUXt72xALSQoBvSziPi0pWdPMlX%2B6lwRC6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e78afb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   6360
Md5:    085560d66714a3a2067f0bd013e9c8a4
Sha1:   44bd5f445611e3e4d0a53dcdcfa04c50b6fe2975
Sha256: d41cdfdca08393f5b3e762ba9976c2380f278191902f7809086ca942e5a6e58d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171542
Date: Mon, 05 Dec 2022 06:21:24 GMT
Etag: "638d7afb-1d7"
Expires: Wed, 07 Dec 2022 06:00:26 GMT
Last-Modified: Mon, 05 Dec 2022 05:00:43 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pXdDYD_vg_DRAz4TOBn_dBJIpTSQE_iKQSF_AyR8yid5XoROJD-pmg==
Age: 3583

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171540
Date: Mon, 05 Dec 2022 06:21:24 GMT
Etag: "638d7afb-1d7"
Expires: Wed, 07 Dec 2022 06:00:24 GMT
Last-Modified: Mon, 05 Dec 2022 05:00:43 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KPFicSekZl3Dqms5PVY2NjqdfvOoeL_eyndurWi6KOIXxU22VPv23g==
Age: 3581

                                        
                                            GET /api/v2/casino/producer?is_desktop=1&is_live=1 HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QF9TkcKPWQ2dOYYxU5bD1VP9wI%2F%2B8JXdvM35QnYQVmaDcTAuJ5TJetvcdI2YrBNLx9b6lTWYcvodRz3YTpJDPmgmSxe%2Fz4dEFdWLRs1xuqeMumP9UC4942MLyS81tuTDUuZY4J8qgWJC4JZSyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e2844b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5122), with no line terminators
Size:   675
Md5:    d693c3f05b10d786c22f4b0d86d46f4f
Sha1:   fe7c313bc334dfc12f293a96bd8727046998f8f0
Sha256: 138cf7028c9c17380f5de0fe104bc6ac7efc390fdbd548e66f065a116e548bfd
                                        
                                            GET /api/data/provinces HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1d4H7e5aiENPlrBz93Pf7CyttbI13x3PAbhgFfAxT8m8iRQh8%2F0uArsXb7arswWCXZzN7nB9UYUrEmGPWxlyTtRqxK8IjxVPgdE6QaS2BM%2FAIC7PB9yxynLU1CB2u7nSMtjWRaO1Vgjm4WKOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e78aab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Roboto:400,500,700,300,900&display=swap&subset=cyrillic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 06:21:21 GMT
date: Mon, 05 Dec 2022 06:21:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /app/styles.0b355258e5d259e1.css HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Thu, 17 Nov 2022 09:01:35 GMT
vary: Accept-Encoding
etag: W/"6375f86f-3f6b5"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7YOKRJlhWHmJmgkErKoDqYplewbtCapKyCAzlENvuhTwNsHd4UZZ0alX9rOd62URcnSKBfzLlcPO1Gx4%2Boj9UBGWZO0QI8FOJIMIh6xRDkMZO9%2FdC%2BYJUmDZRz19SM7G9t0CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5e8d73b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /api/promotion/tournaments?lang=en_GB HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia; _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
cache-control: no-cache, private
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jv50bE0EshAnZl4wPak0RQB6z3wGG6eiKI1ZGamtIrL11TcAT5S1T0kNDLG%2BJ%2Bv7IwCHV5jcsDypRGqyFb58jki6U%2B%2BlyHHPUAMTyPV512s%2BUbFNp%2FaD2WCI1Hp3q3Wx68u4Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6bdeafb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /api/v2/casino/category?auth=false HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RGCOPvWpbX%2FF1ZOSgSIxzlRLpQ4SHlbRdoXZY3asxScKztrqTrRCffBjzefiR%2Bpyi8%2FBm0KTvp9M0%2B5H%2Bul0HU4C8ksaMIggO1q%2FhZ7%2BWjifMg7P8P7wEdBNy7MYnMG1ZQj9nLcx81%2FWVXwu1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e6887b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /app/runtime.b2e82eb996bed5b0.esm.js HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Thu, 17 Nov 2022 09:01:21 GMT
vary: Accept-Encoding
etag: W/"6375f861-1fb1"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emldHUGtwyYI26DIzKCZbhKs9c2tvn4wOveDoIPme4W0u37ha%2BtcMruJO91Cwn57wBp1mJvxVFx4dzEzcpwKD1Hl2vurfxsxW1Ulul721hT59nPyHfXIgNiFRuocxsGZpmlOMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae626833b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /app/polyfills.9981ee15c1709677.esm.js HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Thu, 17 Nov 2022 09:01:15 GMT
vary: Accept-Encoding
etag: W/"6375f85b-2d895"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfkpM8lZ52aSfGSLS2vlDO5REbT2UfGxelzP%2BcD0Tn9DkV3iJcT2myC6NiPzH661fEF4g%2B0YX9VbKj1vry4bIUmz1DqhXwgUSnqb4cGY69ENTPDgNKZduKhIq2TCPoJnvFmAow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae62682ab4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /app/main.afe1d482adbb8c73.css HTTP/1.1 
Host: nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/promotions/first-deposit-bonus?btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
Cookie: btag=667497_8E81AF21C4D04AC49975CDFB0D1FA21E; subid=ecc41gxqdibgxlp5b3; utm_campaign=Ubidex-National-Ksenia; utm_medium=Ubidex; utm_source=retargetvr; utm_term=Ubidex-National-Ksenia
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 05 Dec 2022 06:21:21 GMT
last-modified: Thu, 17 Nov 2022 09:01:15 GMT
vary: Accept-Encoding
etag: W/"6375f85b-31e3"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58cIGYvZWxpI%2B4BTYWZazw0VmPT3GHg%2FhJ2vk11HXSlIlod%2BoW69iLHOSllUgam%2B%2FN4zQJfNfP5QwqUyWsXSgAl8ynC1noeVJ0%2FU6dQ7nD3evwDm9haDzXjKjmY9jS23QIF3AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae5e8d72b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/v4/agent.js HTTP/1.1 
Host: cdn.seon.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.230.111.35
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 09 Sep 2022 15:20:31 GMT
x-amz-version-id: mfjcVMYC8eQg.3.C.jDktKY9HpyiJtFK
server: AmazonS3
content-encoding: gzip
date: Mon, 05 Dec 2022 05:40:35 GMT
cache-control: max-age=3600
etag: W/"7e416f9feeb805e04c423899736c48e2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 03z-C1jK0UAIcz0LaBh6fX9F_XgAJyZapJShXl6XnPDcIKNP_rB-MA==
age: 2509
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/track.js HTTP/1.1 
Host: assets.customer.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nationalcasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.230.111.127
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Fri, 21 Oct 2022 17:44:53 GMT
server: AmazonS3
content-encoding: br
date: Mon, 05 Dec 2022 03:45:59 GMT
etag: W/"4c5f83ddacacecc5a74e105c6940b5ca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ox9YikjKR5iUkXVt8pRIXeSqpWuViF7TCG2Ht93WwXwT7vfPA5cZ5w==
age: 16363
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /api/v2/ip-data HTTP/1.1 
Host: platform.nationalcasino.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
client-timezone: UTC
Origin: https://nationalcasino.com
Connection: keep-alive
Referer: https://nationalcasino.com/
Cookie: _ga_9G634HNY5N=GS1.1.1670221279.1.0.1670221279.0.0.0; _ga=GA1.2.1087109354.1670221279; _sp_srt_ses.1060=*; _sp_srt_id.1060=e61164f4-f3b8-4279-bdf5-1aaf14e85396.1670221279.1.1670221279.1670221279.10d3b2e1-2f77-4206-9376-318236f62ba8; DV_TRACK=5923f043-0aef-4000-98f7-cd379fb209c1; _gid=GA1.2.293443561.1670221280; _gat_UA-189011525-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         104.26.6.72
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Mon, 05 Dec 2022 06:21:23 GMT
vary: Accept-Encoding
access-control-allow-origin: https://nationalcasino.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,client-timezone,LOCATION-SMART-HTML-SESSION-ID,LOCATION-SMART-DEVICE-SESSION-ID
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEnfhkHcJSmXRHjaJcUGDz2f%2F%2BcD1aWFBBlCB1Bz3t2r3tdqBuAYvx2%2BqHblxHKCI5n3l%2FvttWpMB7ng3wZf%2Fo0OFIumDDvX0Dc%2FzbS2kARSU%2FDTphBQ9xJx6iwPCMXY9v5z%2BKzI3SlSvuAd6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774aae6e6885b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
GET /click.php?key=fqwyfkhxnjuqvm1tdngx&clickid=45838fc6-d97b-41e2-88ef-9f0863100eeb&cost=0.0838&PUB_ID=81&SUB_ID=0b6db819a583befaf431100a36249fee&KEYWORD=&SUBSCRIBER_AGE=28&SUBSCRIBER_DATE=2022-11-07&BID_PUB=0.0838&CR_ID=1694&PUB_NAME=RichAds-push-inpage HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://us.doctorpost.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

49.12.123.158
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
server: nginx/1.18.0
date: Mon, 05 Dec 2022 06:21:18 GMT
location: https://media.playamopartners.com/redirect.aspx?pid=180698&bid=2036&lpid=523&utm_source=retargetvr&utm_medium=Ubidex&utm_campaign=Ubidex-National-Ksenia&utm_term=Ubidex-National-Ksenia&subid=ecc41gxqdibgxlp5b3
set-cookie: uclick=gxqdibgxlp; expires=Tue, 06-Dec-2022 06:21:18 GMT; Max-Age=86400; path=/; secure; SameSite=none uclickhash=gxqdibgxlp-gxqdibgxlp-2tb40-0-gxzw0-gmgxbl-gmgx8n-423434; expires=Tue, 06-Dec-2022 06:21:18 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
GET /api/data/get-countries HTTP/1.1
Host: platform.nationalcasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest