Submitted URL: http://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/
Effective URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Submission: On December 18 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 6 domains to perform 17 HTTP transactions. The main IP is 3.33.158.153, located in United States and belongs to AMAZON-02, US. The main domain is leon.casino.
TLS certificate: Issued by R3 on November 10th 2023. Valid for: 3 months.
This is the only time leon.casino was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 3.33.158.153 16509 (AMAZON-02)
16 2a03:90c0:41:... 199524 (GCORE)
17 2
Domain Requested by
16 landingpageslb.gcdn.co leon.casino
landingpageslb.gcdn.co
2 bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online 2 redirects
1 leon.casino
1 ksa5lu5y3o.com 1 redirects
1 go.elbe1lif.xyz 1 redirects
1 tds.flakozt.ru 1 redirects
17 6

This site contains no links.

Subject Issuer Validity Valid
leon.casino
R3
2023-11-10 -
2024-02-08
3 months crt.sh
*.gcdn.co
DigiCert Global G3 TLS ECC SHA384 2020 CA1
2023-07-07 -
2024-07-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Frame ID: EDC8AA33BF394D76719BA9B404233181
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

LEON

Page URL History Show full URLs

  1. http://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 301
    https://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 302
    https://tds.flakozt.ru/1?q=index.php-bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 302
    https://go.elbe1lif.xyz/click?pid=21102&offer_id=4210&sub1=2a01:4a0:2b::9-de-erlangen-index.php-bets... HTTP 302
    https://ksa5lu5y3o.com/?serial=34074&creative_id=543&anid=21102_65805487d85e1a00013d1ddc HTTP 302
    https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d8... Page URL

Page Statistics

17
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

2
IPs

2
Countries

1523 kB
Transfer

1522 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 301
    https://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 302
    https://tds.flakozt.ru/1?q=index.php-bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/ HTTP 302
    https://go.elbe1lif.xyz/click?pid=21102&offer_id=4210&sub1=2a01:4a0:2b::9-de-erlangen-index.php-bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online%2F&l=1700747712 HTTP 302
    https://ksa5lu5y3o.com/?serial=34074&creative_id=543&anid=21102_65805487d85e1a00013d1ddc HTTP 302
    https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index_metrika.html
leon.casino/traff/de/dragon/
Redirect Chain
  • http://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/
  • https://bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/
  • https://tds.flakozt.ru/1?q=index.php-bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online/
  • https://go.elbe1lif.xyz/click?pid=21102&offer_id=4210&sub1=2a01:4a0:2b::9-de-erlangen-index.php-bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online%2F&l=1700747712
  • https://ksa5lu5y3o.com/?serial=34074&creative_id=543&anid=21102_65805487d85e1a00013d1ddc
  • https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
4 KB
2 KB
Document
General
Full URL
https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.33.158.153 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a74c9b096c06d2617.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f06e607369dd4e0223346f3876cd70d1bee8671a31c174487c2affc3f3f9eeb0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Mon, 18 Dec 2023 14:17:43 GMT
etag
W/"65254348-1196"
last-modified
Tue, 10 Oct 2023 12:27:52 GMT
server
nginx

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
837807eeab630a5d-AMS
content-type
text/html; charset=utf-8
date
Mon, 18 Dec 2023 14:17:43 GMT
location
https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yUMLhjKwRQcQBblZe0RpSJlo4iSCqbOMYbgfMfyGUGJWKc%2BHP6rsVyg49O%2B5m4POU7%2FFd%2FKhKK6BEaVoIyVUbVNP81RhlI8T46lOK2WZE0w%2BAyLxWZ5Dg0VkBtDJoGznj3noAboCtEXWVwIoKA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
32eb8cf4c6afc4edd083f3a991f17f43
x-runtime
0.045155
x-xss-protection
1; mode=block
style.min.css
landingpageslb.gcdn.co/wheel_de2/public/css/
21 KB
21 KB
Stylesheet
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/css/style.min.css?v=56.438367377124024
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
c8e2354e893f2bb454538ecccdf4e059c737e42603d1a2ebd4d7a15326f1b0d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:42 GMT
server
nginx
traceparent
00-e9288ff5bff96a51cf545b57fe56f89a-36876b6701b5c594-01
etag
"652542c6-548b"
x-cached-since
2023-12-16T21:34:23+00:00
content-type
text/css
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
21643
logo.svg
landingpageslb.gcdn.co/wheel_de2/public/img/
2 KB
2 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/logo.svg?v=81.30897836730502
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
8888a631459933fda25c74f4c2397fb316b84d8d13662a4e52d1538d53b7cb66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-734d50bf7fbfae3f3488ec80f4f0dd3f-7a342a29410f6440-01
etag
"652542c8-62f"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/svg+xml
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
1583
circle-1.png
landingpageslb.gcdn.co/wheel_de2/public/img/
475 KB
476 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/circle-1.png?v=90.42306724702303
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
5180278a81d2fadf713cc6db6f4f733396486c51179e0b390b7bfadd7b669809

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-67c1167f30e19b7471ab0ce1248c262b-a9ba561bf32aa11c-01
etag
"652542c8-76b6c"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
486252
circle-2.png
landingpageslb.gcdn.co/wheel_de2/public/img/
15 KB
15 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/circle-2.png?v=59.63403805887382
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
902dc44c8fc98aacd190557d62da026b4691582678553de6554b0223d5074a2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-3e700b427fa3a3c1ca068c3eea7e1290-f9732709115c2753-01
etag
"652542c8-3cc2"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
15554
wheel-win-0.png
landingpageslb.gcdn.co/wheel_de2/public/img/
32 KB
32 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/wheel-win-0.png?v=49.40042503390447
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
60e3808a755889e222006c44835e3aa2b655c7131087d17679830591625dd11f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-0626288f1d00659a6ab1f810b97fd473-30a8b5554585d839-01
etag
"652542c8-8082"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
32898
wheel-win.png
landingpageslb.gcdn.co/wheel_de2/public/img/
20 KB
20 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/wheel-win.png?v=14.95339575221497
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
6729fe016ce01f3f3d940362a3a9fbc6dd0d48570594acbf85259c46f570a2b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:43 GMT
server
nginx
traceparent
00-fd30790b8b77737189aea95502a2de70-a7be5ede508bd5e2-01
etag
"652542c7-4e7c"
x-cached-since
2023-12-16T11:18:12+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
20092
bandit.png
landingpageslb.gcdn.co/wheel_de2/public/img/
470 KB
471 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/bandit.png?v=82.76200999500148
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
af41296caaed28995224780ad79685bc0b31f0c753d795ea3febb4dc54f63399

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-28106595aeee66cf604210d6d5275348-363e9cdab93bdb87-01
etag
"652542c8-7599c"
x-cached-since
2023-12-16T11:18:12+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
481692
el-1.png
landingpageslb.gcdn.co/wheel_de2/public/img/elem/
8 KB
8 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/elem/el-1.png?v=56.18535573377521
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
13807d3b9bbba5b5eeb0dc813b9423a66357389fc0808207d3d660b4296bddb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:47 GMT
server
nginx
traceparent
00-d3e474d0497109af7f844be951b74533-bf558dcb326d26b5-01
etag
"652542cb-1ee9"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
7913
el-2.png
landingpageslb.gcdn.co/wheel_de2/public/img/elem/
12 KB
12 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/elem/el-2.png?v=88.68074114701162
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
9d89afe161992ffca5891f8b731ec810d786bd2fa307fdd2873a979bdc00c0f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:47 GMT
server
nginx
traceparent
00-a47457f743404898b2c89510490c9e54-227c40e18bee3f06-01
etag
"652542cb-2f47"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
12103
el-3.png
landingpageslb.gcdn.co/wheel_de2/public/img/elem/
15 KB
15 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/elem/el-3.png?v=58.394300643171434
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
1646b20562bfbbee63d431690cf097e3cade7568feff508b348a4c732d6bd4d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:47 GMT
server
nginx
traceparent
00-84c00ab987d284fd5f2001ae349e239f-682c8f2c71cea3b4-01
etag
"652542cb-3ad9"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
15065
popup-1.png
landingpageslb.gcdn.co/wheel_de2/public/img/popup/
121 KB
121 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/popup/popup-1.png?v=99.28861299221445
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
267b1781147d864815592282da85d5c349b0a12b7347c6ed07cfd2abe54c8786

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:47 GMT
server
nginx
traceparent
00-9a777739b04f8157c94bc2e3c24c4b64-cf94f0293925f731-01
etag
"652542cb-1e3bd"
x-cached-since
2023-12-16T11:18:13+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
123837
popup-2.png
landingpageslb.gcdn.co/wheel_de2/public/img/popup/
168 KB
169 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/popup/popup-2.png?v=83.68830370841496
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
beee58832085a77cf431b3152a77b42e0f69d8ab3faa11f30fdeba804c5f6b89

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:47 GMT
server
nginx
traceparent
00-715df03d5b547d3ad851e232cd53c042-26f1c1bc2c08cdbb-01
etag
"652542cb-2a1ef"
x-cached-since
2023-12-16T21:34:27+00:00
content-type
image/png
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
172527
parallax.min.js
landingpageslb.gcdn.co/wheel_de2/public/js/
17 KB
17 KB
Script
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/js/parallax.min.js
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
1aa4cad8b8c65ae062f64172ceb16f7eb02242cee0ec506f6a18390b650b98e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:42 GMT
server
nginx
traceparent
00-7a92937ca79105b706ab438a389f7b4c-373ad2ab3ea1070b-01
etag
"652542c6-43a1"
x-cached-since
2023-12-16T18:14:56+00:00
content-type
application/javascript
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
17313
main.min.js
landingpageslb.gcdn.co/wheel_de2/public/js/
2 KB
3 KB
Script
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/js/main.min.js?v=1
Requested by
Host: leon.casino
URL: https://leon.casino/traff/de/dragon/index_metrika.html?qtag=a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
d8569b58aa9af9a99b2397a84e0461e636af74284d6d9ddcf709bac55fed80b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leon.casino/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:42 GMT
server
nginx
traceparent
00-f078e645769a53465ffe264046fd1467-128db8cf2b20807b-01
etag
"652542c6-9ab"
x-cached-since
2023-12-16T18:14:56+00:00
content-type
application/javascript
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
2475
bg.jpg
landingpageslb.gcdn.co/wheel_de2/public/img/
117 KB
117 KB
Image
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/img/bg.jpg
Requested by
Host: landingpageslb.gcdn.co
URL: https://landingpageslb.gcdn.co/wheel_de2/public/css/style.min.css?v=56.438367377124024
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
6e77d4e115f70e912d964fe68c07ff6555f96ec48e47f63c8d8beab18f8a6f0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://landingpageslb.gcdn.co/wheel_de2/public/css/style.min.css?v=56.438367377124024
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc8
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:44 GMT
server
nginx
traceparent
00-925927299e0580d85ccae48950aca2d4-0f3bb0cbb8a70220-01
etag
"652542c8-1d213"
x-cached-since
2023-12-17T19:09:28+00:00
content-type
image/jpeg
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc8
cache
HIT
accept-ranges
bytes
content-length
119315
UniSansBold.woff2
landingpageslb.gcdn.co/wheel_de2/public/fonts/
23 KB
23 KB
Font
General
Full URL
https://landingpageslb.gcdn.co/wheel_de2/public/fonts/UniSansBold.woff2
Requested by
Host: landingpageslb.gcdn.co
URL: https://landingpageslb.gcdn.co/wheel_de2/public/css/style.min.css?v=56.438367377124024
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash
ec4bd70634f7282ef39e69103f5e31d3ddde953b78c301f43878f9bd2b824193

Request headers

Referer
https://landingpageslb.gcdn.co/wheel_de2/public/css/style.min.css?v=56.438367377124024
Origin
https://leon.casino
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc29
date
Mon, 18 Dec 2023 14:17:43 GMT
last-modified
Tue, 10 Oct 2023 12:25:46 GMT
server
nginx
traceparent
00-fc1da1987418e992690430987eaca1a2-04d186dbe4a86c78-01
etag
"652542ca-5b30"
x-cached-since
2023-12-16T16:44:30+00:00
content-type
application/octet-stream
access-control-allow-origin
*
x-id-fe
fr5-hw-edge-gc29
cache
HIT
accept-ranges
bytes
content-length
23344

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| getCookie function| affLink function| Parallax function| $$ function| h_el function| debugging function| Opn function| OpnTwo function| firstBonus function| secondBonus object| parallax number| index

4 Cookies

Domain/Path Name / Value
tds.flakozt.ru/ Name: 95622e70ccf25e97e0474310a2e55cb7
Value: 0.1
go.elbe1lif.xyz/ Name: afclick
Value: 65805487d85e1a00013d1ddc
go.elbe1lif.xyz/ Name: afoffers
Value: {"4210":1702909063}
leon.casino/ Name: qtag
Value: a27112_t34074_c543_s21102_65805487d85e1a00013d1ddc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bets-nature-gyarados-pokemon-planet-657239.omskminzdrav.online
go.elbe1lif.xyz
ksa5lu5y3o.com
landingpageslb.gcdn.co
leon.casino
tds.flakozt.ru
2606:4700:3032::ac43:dadc
2606:4700:3033::ac43:c223
2606:4700:3035::ac43:b07e
2a03:90c0:41:2801::62
2a06:98c1:3120::3
3.33.158.153
13807d3b9bbba5b5eeb0dc813b9423a66357389fc0808207d3d660b4296bddb7
1646b20562bfbbee63d431690cf097e3cade7568feff508b348a4c732d6bd4d8
1aa4cad8b8c65ae062f64172ceb16f7eb02242cee0ec506f6a18390b650b98e3
267b1781147d864815592282da85d5c349b0a12b7347c6ed07cfd2abe54c8786
5180278a81d2fadf713cc6db6f4f733396486c51179e0b390b7bfadd7b669809
60e3808a755889e222006c44835e3aa2b655c7131087d17679830591625dd11f
6729fe016ce01f3f3d940362a3a9fbc6dd0d48570594acbf85259c46f570a2b5
6e77d4e115f70e912d964fe68c07ff6555f96ec48e47f63c8d8beab18f8a6f0b
8888a631459933fda25c74f4c2397fb316b84d8d13662a4e52d1538d53b7cb66
902dc44c8fc98aacd190557d62da026b4691582678553de6554b0223d5074a2a
9d89afe161992ffca5891f8b731ec810d786bd2fa307fdd2873a979bdc00c0f1
af41296caaed28995224780ad79685bc0b31f0c753d795ea3febb4dc54f63399
beee58832085a77cf431b3152a77b42e0f69d8ab3faa11f30fdeba804c5f6b89
c8e2354e893f2bb454538ecccdf4e059c737e42603d1a2ebd4d7a15326f1b0d5
d8569b58aa9af9a99b2397a84e0461e636af74284d6d9ddcf709bac55fed80b4
ec4bd70634f7282ef39e69103f5e31d3ddde953b78c301f43878f9bd2b824193
f06e607369dd4e0223346f3876cd70d1bee8671a31c174487c2affc3f3f9eeb0