tele123.online/id/wheel2/indosat
79.98.26.18301 Moved Permanently 248 B URL HTTP/1.1 tele123.online/id/wheel2/indosat
IP 79.98.26.18:0
ASN #212531 UAB Interneto vizija
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9501f9e222f45b5acf04addfcc047b36
4ded08ffe07f36819af8372a5b2a22395620f4dc
1cb5f905fb04413384a07cd54c141afb1bff3f42b4715cc9bbe0ead4ad7f57c2
Analyzer Verdict Alert fortinet Phishing
GET /id/wheel2/indosat HTTP/1.1
Host: tele123.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 08 Nov 2022 03:18:59 GMT
Server: Apache
Location: http://tele123.online/id/wheel2/indosat/
Content-Length: 248
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7a8ba48383a0e56baca8c8c41b81a04
b04c1f1e730a71f17ff639c9db697c532d4e5421
7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3383
Expires: Tue, 08 Nov 2022 04:15:23 GMT
Date: Tue, 08 Nov 2022 03:19:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9fd081ea88e8b8563986b3e558496d21
60700393dce5eb42c0db0d5feef340f4832e3c65
d92555957857423ed02f0d0435739bcd40a996591c73f40315564b372f6e2395
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2497
Cache-Control: max-age=114835
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:00 GMT
Etag: "6368de76-1d7"
Expires: Wed, 09 Nov 2022 11:12:55 GMT
Last-Modified: Mon, 07 Nov 2022 10:31:18 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9472
Expires: Tue, 08 Nov 2022 05:56:52 GMT
Date: Tue, 08 Nov 2022 03:19:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: spc75RdG91gDNieLzQtw4qeOOIv5+o/Wu0JC4aoNuS6362pjPQWH6mNOHEI9xTc3VYmwuoEAspi13Rz0buUGWg==
x-amz-request-id: 23TQBBNTXEGEGEW6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 02:48:20 GMT
age: 1840
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
tele123.online/id/wheel2/indosat/
79.98.26.18302 Found 0 B URL HTTP/1.1 tele123.online/id/wheel2/indosat/
IP 79.98.26.18:0
ASN #212531 UAB Interneto vizija
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /id/wheel2/indosat/ HTTP/1.1
Host: tele123.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 08 Nov 2022 03:19:00 GMT
Server: Apache
Location: //whampamp.com/4/5087048?var=ed2
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 03:19:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
whampamp.com/4/5087048?var=ed2
139.45.197.236200 OK 3.0 kB URL HTTP/1.1 whampamp.com/4/5087048?var=ed2
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash e030ad35d67581e22d713caebcb00419
90c40c2e48cf3185d685b423879ef8ea4342cac5
0c4717e292ce58fb734a907b315cda8ac3e8ec7a0802f967c430254253ee55fd
Analyzer Verdict Alert quad9 Sinkholed
GET /4/5087048?var=ed2 HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Nov 2022 03:19:00 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 99411ab61d269b2490b72b15d1490886
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=38b42779d4784ec693e1334779c81262; expires=Wed, 08 Nov 2023 03:19:00 GMT; path=/
oaidts=1667877540; expires=Wed, 08 Nov 2023 03:19:00 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
whampamp.com/favicon.ico
139.45.197.236204 No Content 0 B IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://whampamp.com/4/5087048?var=ed2
Cookie: OAID=38b42779d4784ec693e1334779c81262; oaidts=1667877540
HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 08 Nov 2022 03:19:00 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2fe5c9e4eb3628bf2ec24516ac5b1efd
d5d6e1081969ccb5a2c859dbb08ac31079d6ab75
11f8421ed48150683cdab40019b712583b575b36adc3878142b336138607da0a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 03:19:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 06:25:22 GMT
Expires: Mon, 14 Nov 2022 06:25:21 GMT
Etag: "d5d6e1081969ccb5a2c859dbb08ac31079d6ab75"
Cache-Control: max-age=528980,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 766b2a250cb2b512-OSL
my.rtmark.net/img.gif?f=merge&userId=38b42779d4784ec693e1334779c81262
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=38b42779d4784ec693e1334779c81262
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=38b42779d4784ec693e1334779c81262 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://whampamp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 03:19:00 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=38b42779d4784ec693e1334779c81262; expires=Wed, 08 Nov 2023 03:19:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
whampamp.com/?z=5087048&syncedCookie=true&rhd=false
139.45.197.236302 Found 0 B URL HTTP/1.1 whampamp.com/?z=5087048&syncedCookie=true&rhd=false
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5087048&syncedCookie=true&rhd=false HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 463
Origin: http://whampamp.com
Connection: keep-alive
Referer: http://whampamp.com/afu.php?zoneid=5087048&var=5087048&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=38b42779d4784ec693e1334779c81262; oaidts=1667877540
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 08 Nov 2022 03:19:00 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 1e126f60406cff997f5fd35527535770
Link: <https://entioneryconnium.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://entioneryconnium.com/fcf5216c-900c-432c-8f7e-06f9719b0174?zoneid=5087048&bannerid=15453303&zonetype={zone_type}&campaignid=6257370&device=desktop®ion=03&isp=blix group as&useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
Access-Control-Allow-Origin: http://whampamp.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=38b42779d4784ec693e1334779c81262; expires=Wed, 08 Nov 2023 03:19:00 GMT; path=/
oaidts=1667877540; expires=Wed, 08 Nov 2023 03:19:00 GMT; path=/
syncedCookie=true; expires=Tue, 15 Nov 2022 03:19:00 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6f4643306be10417c47176a6e67306f
940a13818904add9e1cacd12610f37ba1efd7bc5
67e51095b5da59b3eeda8a28c81789e69064a0a19a93347c2fcb05fd4b21e6d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5753
Cache-Control: max-age=113018
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Etag: "6368caa6-1d7"
Expires: Wed, 09 Nov 2022 10:42:39 GMT
Last-Modified: Mon, 07 Nov 2022 09:06:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
entioneryconnium.com/fcf5216c-900c-432c-8f7e-06f9719b0174?zoneid=5087048&bannerid=15453303&zonetype={zone_type}&campaignid=6257370&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
35.157.125.133302 Found 0 B URL HTTP/2 entioneryconnium.com/fcf5216c-900c-432c-8f7e-06f9719b0174?zoneid=5087048&bannerid=15453303&zonetype={zone_type}&campaignid=6257370&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
IP 35.157.125.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fcf5216c-900c-432c-8f7e-06f9719b0174?zoneid=5087048&bannerid=15453303&zonetype={zone_type}&campaignid=6257370&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3 HTTP/1.1
Host: entioneryconnium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 08 Nov 2022 03:19:01 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://casinonorgeonline.com/?cep=qAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo&lptoken=16ee6716878093fc41cb&zoneid=5087048&bannerid=15453303&zonetype=%7Bzone_type%7D&campaignid=6257370&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
pragma: no-cache
set-cookie: fcf5216c-900c-432c-8f7e-06f9719b0174-v4=0bOVO3Y4LbSKLbJVGSY_HkPMn6UPBgBzBkj6mbqvVU4; Max-Age=86400; Expires=Wed, 09-Nov-2022 03:19:01 GMT; Domain=entioneryconnium.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=Vaii7qIgyTs2Of-2X0MxcfM6FLIEaiwvEFoUTCUfr2GzMu2rY_AqA7mkdkOGBRgKJweiFhwzdlwYm5RZbPPNyvWBAjvpcqS-vDkoEorEmdiPHLuTqtkPpNII1fTm8cRPH6GRd2-XUg115cDzh7zVrcjuLeLyLziWv2QiCry1oYcMYO2sgwqhPzMAYNXpBS8lC7b-_PsP8kwx3mfrAH-CTSQKGbES_qgULTjZMmx4gxjXSFDHVjeNeHexvP7oDif7alIQ2woYfEgTZBYaPsTxgDTjyyyDiSfRc3PTCnKDGed54bnvAI1ylnQuqGk1Dm87wALR95koYG3abvaFaNfjomCEJ4N26KBEzG28AFmsPGp2aQ8-Wgh-fHUhhntXL5UD5jvSeHng9T7-5Wj4lbqgcUNnO8qVjfOpH02GNVOGHy9s-v3MfNsh_FTRF5OY0nNnAqjQhwa9oT3vHVv2mZ4Q3JLYNrKlryw-kcBpqBqlAGNKVCXbo6vAwW8nTrqIKJ-okUa0vxDRWeuz_esQZZwiKGa-T-5x29mdJ_Mf5ix4MRs5rj3yfksAIQQoJvAg5GTCVsHd3_0aAP3BhsVXTY1Crl_bzWGvUkVLrzlbupIzk80GBKGf-ivmTl8lVGj_1WzGnMwcUQAqc5HDKy_DhwMhpHbigmgqrlFNC-AwMVEFiz-VX5HmcT45rNyAVXmb5jHWZzOqpulyShQkUJnvRzZkxAoHAWxeuDMvUDI9g2giFuCOv4zpKkAZ52UDXUTJh8_0X8gr9rfvpuorYnO-odcCgnb0zkTNkRhftl3WXMmv4J4Qr7hI9d0iQ67lCz17p9p3iHK8FxqJfpPj7w4QTn7GZAorc4yse6eYDqRsV7h1arNAKbZkc6oRsyMNSq3lxI1ATHj5X4xSzfwDKMRtQEgwThxvcS3mCZKOsEb7EZ0PKdiyTfjVgfXdgPYbyNTwlReUO9vmaMHYaXI8Bxz6I_8pJHr8hAd4y_F6csoInIeGwWn-ItwKnYUbZId-vTdvSIG0kJHgXNuWFtS6phTuQkMvMVDVlBtI8CGt63Z_sZk3rpmlbq0-ZYym7KTf5LUXhd-rkmxqgd3TJfYXBdpSnXpkkWjQsDuGgK8f0OjnxZMpylGTetH-zf9eM2MF-G07f01XnPnT_IKFWun1ArbXQE2t0hVroOspbbIIWbfSnwlAb6_9JaDYxYmTmX4RuEqUE4LbUi5xNl4Dg-_WTvGNSfK5y5KrbfrGAK8J__N0ssWHJu0; Max-Age=86400; Expires=Wed, 09-Nov-2022 03:19:01 GMT; Domain=entioneryconnium.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9e88342606868e7b7373d678963e295
e2b1fa41f1a35b97c58323d944f9e1629a4439ca
88cd68962d1470d8d4184181b2a2cc1e2888a32914538278e11eaee0d96e98ec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "88CD68962D1470D8D4184181B2A2CC1E2888A32914538278E11EAEE0D96E98EC"
Last-Modified: Mon, 07 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6637
Expires: Tue, 08 Nov 2022 05:09:38 GMT
Date: Tue, 08 Nov 2022 03:19:01 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.217.251101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.217.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Yp5B1dmBXUjr9PD62vk6CA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TakCGTJclwHNSrvSQe/nRd41eCo=
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9e88342606868e7b7373d678963e295
e2b1fa41f1a35b97c58323d944f9e1629a4439ca
88cd68962d1470d8d4184181b2a2cc1e2888a32914538278e11eaee0d96e98ec
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "88CD68962D1470D8D4184181B2A2CC1E2888A32914538278E11EAEE0D96E98EC"
Last-Modified: Mon, 07 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6637
Expires: Tue, 08 Nov 2022 05:09:38 GMT
Date: Tue, 08 Nov 2022 03:19:01 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 08 Nov 2022 03:19:01 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 471085
expires: Sun, 29 Oct 2023 03:19:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MyEdytFT%2FyJ3y5J%2FPU7t0gzWYff1x3oyDUCt4UaIqjEvhA0VFHYctPmmrTf5DssGNQSGARTbTurNATCuW7cslBJUrxmgGUJmdLedw7U8EKyO%2BlyoCC21ztBGqV%2B379mjnUVv50X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 766b2a2af866b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 96791bd486db22c41012d25318835bdf
b32c813f16b84a6b2660bd527843da5e368af8eb
61a4589c35910af9f8d20ff0c7eca296a77a336ab00730573fe9ce7cf2cc72c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
142.250.74.10200 OK 827 B URL HTTP/2 fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP 142.250.74.10:0
Hash 629b27e089e8be3dd2db78888b4e940a
70e49406eaad51839ace1604ddcf8821a75c7501
eb7b2be4585cb09872cc28374cd972c11fdca256e76a556e9c75b5e84ae136a3
GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 08 Nov 2022 03:19:01 GMT
date: Tue, 08 Nov 2022 03:19:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d6dbaa7f1a697305cfaabdc859cdb9d3
680fa363852fb33b9b76b83d3ba5c0a4c51499cb
2ccc20d4d484d91da7e9fb07056d62a620af07b21f495be49f54e7e83c988dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.17.25.14200 OK 77 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 08 Nov 2022 03:19:01 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 467588
expires: Sun, 29 Oct 2023 03:19:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHBC%2FEUTFsLujrPL%2Bq1JyNhdlUjAp8rCyRjsJKA6OiF%2Bjw8dzcBozQdvdxK4VlQJ8z0fSNz5h%2F6h8W%2B2ATbvp0B5Q5rI1n56PfDIR8QNtvWDI3o%2Bk1STMmccI5fnShMU9mYQBs%2FV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 766b2a2c0aa60b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-MCSZ5HF
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MCSZ5HF
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash b6aeb32e639dd8e5874797c14fdb8770
0b9c6b67884674acdfcac19cfb7b81f5fe9a7f98
9b4358a44cf336016494487c4d72c865e777c467b09373f601cbf0dc7f22f271
GET /gtm.js?id=GTM-MCSZ5HF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 08 Nov 2022 03:19:01 GMT
expires: Tue, 08 Nov 2022 03:19:01 GMT
cache-control: private, max-age=900
last-modified: Tue, 08 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
172.217.21.163200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 172.217.21.163:0
File type Web Open Font Format (Version 2), TrueType, length 37924, version 1.0\012- data
Hash e08be6d5d433944f7ad52902e4d24db5
e2600c1d60d12d397b3ee44411a021231d71e974
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 06:03:56 GMT
expires: Fri, 03 Nov 2023 06:03:56 GMT
cache-control: public, max-age=31536000
age: 422105
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
172.217.21.163200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 172.217.21.163:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 14:43:52 GMT
expires: Wed, 01 Nov 2023 14:43:52 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
age: 563709
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
172.217.21.163200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 172.217.21.163:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:30:59 GMT
expires: Thu, 02 Nov 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 460082
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d6dbaa7f1a697305cfaabdc859cdb9d3
680fa363852fb33b9b76b83d3ba5c0a4c51499cb
2ccc20d4d484d91da7e9fb07056d62a620af07b21f495be49f54e7e83c988dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 751 B IP 104.18.32.68:0
Hash 11258ae2538f9b0304f2f797f4cf739c
2036d284a02b37a29f4224567b5c7116b84a82f1
5f0ef226b3791a815140cc67c1d4a2cc4724e9c241ab9e6a4bacfcfdc1516cfd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 03:19:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 06:25:22 GMT
Expires: Mon, 14 Nov 2022 06:25:21 GMT
Etag: "d5d6e1081969ccb5a2c859dbb08ac31079d6ab75"
Cache-Control: max-age=528979,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 766b2a2b480fb512-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1
IP 139.45.195.8:0
Hash 376444d037abbbd9402240f8c222c97d
5ec45f563af8c2debca757decd4e1990557b2e62
e3b4c75f6fdacc921d8fa7ef1d0b8b4c0422c23558af7f5a82e7ec819dbe671c
GET /p.js?f=sync&lr=1&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 03:19:02 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 08 Nov 2022 02:41:09 GMT
expires: Tue, 08 Nov 2022 04:41:09 GMT
cache-control: public, max-age=7200
age: 2273
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a9374206851834987bb6f42fdbde6965
1e7632ba7b83a2258cb88662d2fb2783d400dec3
854af7f8daaf516b72c709bf1c9e6ba2637431efac48d977c520440cb3b99dca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=977271722.1667877539&jid=1196565628&gjid=1015684657&_gid=540410269.1667877539&_u=YEBAAEAAAAAAACAAI~&z=926706692
64.233.165.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=977271722.1667877539&jid=1196565628&gjid=1015684657&_gid=540410269.1667877539&_u=YEBAAEAAAAAAACAAI~&z=926706692
IP 64.233.165.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-247480747-1&cid=977271722.1667877539&jid=1196565628&gjid=1015684657&_gid=540410269.1667877539&_u=YEBAAEAAAAAAACAAI~&z=926706692 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://casinonorgeonline.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 08 Nov 2022 03:19:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a9374206851834987bb6f42fdbde6965
1e7632ba7b83a2258cb88662d2fb2783d400dec3
854af7f8daaf516b72c709bf1c9e6ba2637431efac48d977c520440cb3b99dca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 03:19:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7280
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 03:19:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7280
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 03:19:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7280
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 03:19:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a2842fe-964c-4b53-b4d3-d27d8e27debf.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a2842fe-964c-4b53-b4d3-d27d8e27debf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 520aa96c85cf1ae2eb884b3b5e477e30
333347eaa268453c1dfe9dce8b22c4ad193afbc5
df63dc2c0b4f0beeb0f3c9853ad55c25b044121c905e9224ce3243ed24fc44bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a2842fe-964c-4b53-b4d3-d27d8e27debf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12542
x-amzn-requestid: fb3cb1c6-3c15-48ad-9d4c-e3bc6623789b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQA1RE-uoAMFfjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b54-64996d5d788a2fbd3e9350f3;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8OEi5KX_Y37Ac32N61OQCytR389Hd2E6Mf6i29ilENj3I98s6W3IsQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:12:03 GMT
age: 18419
etag: "333347eaa268453c1dfe9dce8b22c4ad193afbc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f82801-6f26-493e-9038-7e48dff62c0b.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f82801-6f26-493e-9038-7e48dff62c0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a141cbda515c166225f5b3b8314dcd03
26f7bacb597a67119bb763d1d03a81a5222a2c91
b375f0cf094cd89cbd52ab013df87f76181a8023715f1ed8b1fe4a20d44f5579
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f82801-6f26-493e-9038-7e48dff62c0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12525
x-amzn-requestid: 0b15f964-6154-44ce-a537-4c8402e387c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bHRLCFBpoAMFsMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365fbe0-177041f7562907be268f5a10;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 06:00:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bWLlArevalY-MpKc8DlT38lwNyHhY8omPAbeGu7kys1QjBwMe-t2IQ==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:13:35 GMT
age: 18327
etag: "26f7bacb597a67119bb763d1d03a81a5222a2c91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ff4c1be0934222258267f7595f2ecde
5d51855ed7cc6f8cac53eef1730212eb70b28036
49ce70117f2b108ebcff7f8e0ac14b2583eaf6b36a10baff097b35b728ba44d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10781
x-amzn-requestid: c5063271-8b84-41d7-899c-958c135541c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAwTF2cIAMF0DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b34-6b6018d826efae3e3738a7d9;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tL667rmWZPwJrD76JI5jBbUa3oEwaLZc-A5omJ8WyQMzsxDgIXsQhg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:11:08 GMT
etag: "5d51855ed7cc6f8cac53eef1730212eb70b28036"
content-type: image/jpeg
age: 18474
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap
142.250.74.10200 OK 12 kB URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap
IP 142.250.74.10:0
Hash c9987764149f1639741247dc91da3558
e51ecbeaae25f3cbd62c93a230c5d2c5cf0f4719
6a1cfd45598515cfe4bf5cd65b0e8d30af512427b223e9ed86b0d637751bb6a5
GET /css2?family=Inter:wght@400;500;600;700&family=Poppins:wght@300;400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 08 Nov 2022 03:19:01 GMT
date: Tue, 08 Nov 2022 03:19:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q0yZmbExDP4tH0n1n2qj_NR2Mv_y_dsO0LJ1RKZoS6Me-NLbhpUWqw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 09:11:38 GMT
age: 65244
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53771fc6-60e5-4f18-8cc7-e8411e2b99d5.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53771fc6-60e5-4f18-8cc7-e8411e2b99d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bcff76df653cc2141d328013181ada9e
9343a49b3846f73e34d32a6bc7569a1c67e89894
affab8aead0d38958a7232bb8a866fffdb85b243174968f6b1bea220ae0152d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53771fc6-60e5-4f18-8cc7-e8411e2b99d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5325
x-amzn-requestid: 6fe63702-6974-4a3d-82ba-9636858f1f7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQA1cHPxoAMFjCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b55-593b06387844528377de364d;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: T5totlLjxjd4OgFCxpIYsyz3u5vgI-vJH0qvw7wQ96X_sr8PfMDbbw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:56:33 GMT
etag: "9343a49b3846f73e34d32a6bc7569a1c67e89894"
content-type: image/jpeg
age: 19349
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=b93dc515d482424d2787ed94766901181161369e6a80abb29aef56fcf5fb16b1&ttl=&rurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 03:19:02 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6c8888375ae844878943b6bce36a4f69; expires=Wed, 08 Nov 2023 03:19:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
casinonorgeonline.com/?cep=qAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo&lptoken=16ee6716878093fc41cb&zoneid=5087048&bannerid=15453303&zonetype=%7Bzone_type%7D&campaignid=6257370&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
104.21.18.31200 OK 0 B URL HTTP/2 casinonorgeonline.com/?cep=qAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo&lptoken=16ee6716878093fc41cb&zoneid=5087048&bannerid=15453303&zonetype=%7Bzone_type%7D&campaignid=6257370&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3
IP 104.21.18.31:0
GET /?cep=qAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo&lptoken=16ee6716878093fc41cb&zoneid=5087048&bannerid=15453303&zonetype=%7Bzone_type%7D&campaignid=6257370&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&language=en&connectiontype=broadband&cost=0.002450&visitor_id=613685484354544305&rdk=rk3 HTTP/1.1
Host: casinonorgeonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 08 Nov 2022 03:19:01 GMT
content-type: text/html
last-modified: Sat, 05 Nov 2022 01:33:00 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9ze8PDNgCXsaKCwx88PSb%2FIWZJNx3hUnUm8bs348VC6EEIcOflLF1Q6RtXUNIsI8zodXmI7go%2BZj72YVuEp%2BE46Tm4zyVhhH8%2F8Byi%2FpMdwcByPosXvQf%2BkXQ5sODzi0pIaoGVicqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 766b2a285d02b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
172.217.21.163200 OK 0 B URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 172.217.21.163:0
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://casinonorgeonline.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 21:48:50 GMT
expires: Thu, 02 Nov 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 451811
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
entioneryconnium.com/d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667877539024
35.157.125.133200 OK 0 B URL HTTP/2 entioneryconnium.com/d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667877539024
IP 35.157.125.133:0
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fcasinonorgeonline.com%2F%3Fcep%3DqAW-9opnyHXFlhG3nexafqrkmyti5uF3hNVcw1__TF2LbBYuRz-ZZdWuZigCaPxFpOgN_bzouXdkWaayy8YRQC5x6A2m7JCWbdQcQmESRmU2waGmPPg17ajC-RoX_UqEor8JOTRbzEc6EC1WiYZu4CrEG3SJhHc2FJOMgkkCKAOMteMknYAgXRuYAzZgkwUSM5PE37tZAFuWcqZGszr-JdHIoB8UEXmRqDht030gm2TVf3tm0MYAYuMcNWZIK4rLD6oQm4hVhI2jN0Hs5VbYNFzucz-j2Epd8JzjU7pYfXN5GpIH6XPNUrPeV1FEAoC4G99lOAOlmAe_IuH6uc-ADngJ_mkAQb8twiKQGJVgFGDhaEs6_v2NfvSvY-XP-Hqt30Z51fJqkC_4A431yE2l9yqvA8xp72nJz9WImRxlYpUPxsCZbNn7HO1DEq_sdHlAUwTKNHgbbFCDC924m8BD1K5Kglehg3o5kM1e85J_5aiYtgtdwC_AcGBc7BJBhXV1-vn4NfeNpYgtCTxux8WFnCOS8PaNuK-eluLzEH6bmMS43MsHc4CmvtsxlsIPbghqELN-U0oLGrGVF7fSUO2anUr8EHRgu3AKUlMFd8F8-ftanMLp_aE3Pp-ykzKE9eI1Ml1307UWf5S7Jck9Wq7Rx-esWsqB1qIeRwAlUlPzj5BysA_A4oZd-qAs0Or9_2IouZv1Eh63Cvf7QBsJZtce5r3uk7nabKbzCd-UD52WM_SgqCOFuR0zfF-HNnHSGIBTFS73REtNtcqBfsYNqs6F-fgMdoeqWE9C7vV-6-TeC0omCXMMhKTa5nUCLTJiXJVOGPlkOCnNmHd0mhv9Tud3FXG_vb3XUGWKCYyQVSd2IKsJ40AMups2Bt9j9dvvTmC4Yk5xfw5O3f5qTMWtlo-FTGv-t33LahmEg-KybvGSCFFZUehU_lE2mMxNxl30uo9SGcmYNxRRSubKlQnmWAJPmd5telsBCXHnTi25Yu27IB_yFNGHNjMXQw4y6wTNUMrNOcy_xy--CTfaUWN8_QsnXC_AscfhldZZ98ME14I2EY5GzrB0aGU_9f2R5qJ9St6IxsgmVlhUrQqulPcYv1uoDAr4MevcXpzUVAwwVVzBS-Nv30YoZvEVu4Ulc20dJQiNGrpIV4Jovr-bxNY1s9xRFcgYkkUJcnbJbs3eDsbMRltSzFtslATSfJUKfTmEi45MdM6u6de4W5DfC16d-pENE097NvgfMSW95QpOCF4gTNo%26lptoken%3D16ee6716878093fc41cb%26zoneid%3D5087048%26bannerid%3D15453303%26zonetype%3D%257Bzone_type%257D%26campaignid%3D6257370%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A105.0%2529%2BGecko%252F20100101%2BFirefox%252F105.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.002450%26visitor_id%3D613685484354544305%26rdk%3Drk3&lpt=Norske%20Casino%20P%C3%A5%20Nett%20-%20De%20Beste%20Norske%20Casino%20Online&vtm=1667877539024 HTTP/1.1
Host: entioneryconnium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://casinonorgeonline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 03:19:01 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2