urlscan.io logo urlscan.io
SecurityTrails logo

go.luckycart.com Open in urlscan Pro
34.77.251.68  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://r.mail.luckycart.com/tr/cl/RYnvFe0Wrc3qF6lqObqEh7KCPWcrbojBSJBNNpJz4P0YypQQmCUfYDNo5jZbQU7l5c0Bv-So4I1GOhkFbWTvF7uI1E...
Effective URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Submission: On December 16 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 34.77.251.68, located in Brussels, Belgium and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is go.luckycart.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 28th 2022. Valid for: a year.
This is the only time go.luckycart.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 185.107.232.138 200484 (SENDINBLU...)
8 34.77.251.68 396982 (GOOGLE-CL...)
4 34.111.92.179 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.2.137 54113 (FASTLY)
1 162.247.241.14 23467 (NEWRELIC-...)
15 5
1    185.107.232.138 (France)

ASN200484 (SENDINBLUE-ASN, FR)
r.mail.luckycart.com
8    34.77.251.68 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.251.77.34.bc.googleusercontent.com
go.luckycart.com
api.luckycart.com
experiences.luckycart.com
4    34.111.92.179 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 179.92.111.34.bc.googleusercontent.com
statics.luckycart.com
integration.luckycart.com
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)
bam.nr-data.net
Apex Domain
Subdomains		 Transfer
13 luckycart.com
r.mail.luckycart.com
go.luckycart.com
statics.luckycart.com
integration.luckycart.com — Cisco Umbrella Rank: 414376
api.luckycart.com
experiences.luckycart.com
569 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 221
620 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 336
9 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 304
33 KB
15 4
Domain Requested by
4 api.luckycart.com integration.luckycart.com
experiences.luckycart.com
3 experiences.luckycart.com go.luckycart.com
experiences.luckycart.com
3 statics.luckycart.com go.luckycart.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com go.luckycart.com
1 integration.luckycart.com go.luckycart.com
1 ajax.googleapis.com go.luckycart.com
1 go.luckycart.com
1 r.mail.luckycart.com 1 redirects
15 9

This site contains no links.

Subject Issuer Validity Valid
luckycart.com
Go Daddy Secure Certificate Authority - G2		 2022-06-28 -
2023-07-30		 a year crt.sh
*.luckycart.com
Go Daddy Secure Certificate Authority - G2		 2022-06-21 -
2023-07-23		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-07 -
2023-01-30		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-07-10 -
2023-08-11		 a year crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-10 -
2023-02-10		 a year crt.sh

This page contains 2 frames:

Primary Page: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Frame ID: 1AF807EA7FF22C3B376BCC894EC79E9B
Requests: 8 HTTP requests in this frame

Frame: https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
Frame ID: 01237E85A5A54AB7C94BDE52CFEE9A3B
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

: à vous de jouer

Page URL History Show full URLs

  1. http://r.mail.luckycart.com/tr/cl/RYnvFe0Wrc3qF6lqObqEh7KCPWcrbojBSJBNNpJz4P0YypQQmCUfYDNo5jZbQU7l5c0Bv-... HTTP 302
    https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

17 %
IPv6

4
Domains

9
Subdomains

5
IPs

4
Countries

612 kB
Transfer

673 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://r.mail.luckycart.com/tr/cl/RYnvFe0Wrc3qF6lqObqEh7KCPWcrbojBSJBNNpJz4P0YypQQmCUfYDNo5jZbQU7l5c0Bv-So4I1GOhkFbWTvF7uI1Esxls5ewhmWuE90Z-d76wXIFkRZz5_BjZofMs4XJbR9dCUXi3t3Bp3qT9kyyR8d0mVppiucl30D43xyMyDk4gjNyhI8VbCYkYfR2mt8t5Kc9PC9lu7SZzvZWIxKrwpDO6JHdR4mSQV0aadIW5QDN0x2X7GUl_Oc1r29nODNNMIFR39DxxSecych_63n-_MHdh5-yCbySR5msEZDmq0lDElO HTTP 302
    https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request FNUJ-DJBI-QQBY-VWJS
go.luckycart.com/carrefour/OeboBf/play/
Redirect Chain
  • http://r.mail.luckycart.com/tr/cl/RYnvFe0Wrc3qF6lqObqEh7KCPWcrbojBSJBNNpJz4P0YypQQmCUfYDNo5jZbQU7l5c0Bv-So4I1GOhkFbWTvF7uI1Esxls5ewhmWuE90Z-d76wXIFkRZz5_BjZofMs4XJbR9dCUXi3t3Bp3qT9kyyR8d0mVppiucl30...
  • https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
32 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
107c3172d42b65bd161dd3e6b18fcedf8353b32fffd4d61c1cf393e5a0ea1643
Security Headers
Name Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Connection
keep-alive
Content-Length
32646
Content-Security-Policy
default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Dec 2022 15:37:20 GMT
ETag
W/"7f86-ZK7mFDyVeQlqm+TDK9HpwkA4yKw"
Feature-Policy
fullscreen 'self';speaker 'self'
Referrer-Policy
strict-origin-when-cross-origin
Server
LuckyCart
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-XSS-Protection
0

Redirect headers

content-length
101
content-type
text/html; charset=utf-8
date
Fri, 16 Dec 2022 15:37:19 GMT
location
https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
x-content-type-options
nosniff
x-sib-server
srv-pr-online-rancher-worker-17.onl.51b.tech
x-xss-protection
1
game.css
statics.luckycart.com/design/carrefour/OeboBf/css/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://statics.luckycart.com/design/carrefour/OeboBf/css/game.css
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.92.179 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.92.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ff441a1aa6d36a8c97bbe840428fcbdd66f8055b6aae3382764e2e4633054249

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 15:37:20 GMT
content-encoding
gzip
x-guploader-uploadid
ADPycdsg5mnRZzB44e3dyum-o5PgnhhWh6v5XjiSmGeC5iXxkTumN_zxgRD69bCmB7Nzofv3gXGRwjs-GmdS08igSBrokg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1096
last-modified
Wed, 02 Nov 2022 12:31:14 GMT
server
UploadServer
etag
"6a3f46cfd6069628ed53cae97088f9e5"
x-goog-generation
1667392274282154
content-type
text/css
access-control-allow-origin
*
x-goog-hash
crc32c=GE2U7Q==, md5=aj9Gz9YGlijtU8rpcIj55Q==
access-control-expose-headers
Content-Type
cache-control
private,no-cache,max-age=0,no-transform
x-goog-stored-content-length
1096
accept-ranges
bytes
expires
Fri, 16 Dec 2022 15:37:20 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.7.1/ 		92 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 16:13:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
257055
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33333
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Dec 2023 16:13:05 GMT
commons.js
statics.luckycart.com/affiliations/js/v2/ 		746 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://statics.luckycart.com/affiliations/js/v2/commons.js?noCache1671205040134
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.92.179 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.92.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d1a8e02028f421ab6efb28bb65b93eea720213709ce22f1e41ef7515ef7f8224

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 15:37:20 GMT
x-guploader-uploadid
ADPycdsOJzoECN5jKOLGzCWAsmO8f0A8RBo9O__kxWJ_NrRKZ0RZc7N7Wpn-dfJYDcvftB8HpJJyrd3tKVJNyW7Qf8i7TA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
746
last-modified
Thu, 10 Nov 2022 14:28:03 GMT
server
UploadServer
etag
"9cb86019de2f4d73b04779016a9de19f"
x-goog-generation
1668090483348635
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=wogBMQ==, md5=nLhgGd4vTXOwR3kBap3hnw==
access-control-expose-headers
Content-Type
cache-control
private, max-age=0
x-goog-stored-content-length
746
accept-ranges
bytes
expires
Fri, 16 Dec 2022 15:37:20 GMT
luckycart.min.js
integration.luckycart.com/js-sdk/sdk/dist/ 		11 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://integration.luckycart.com/js-sdk/sdk/dist/luckycart.min.js
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.92.179 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.92.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
754db92f152bf88ffa2fc228f5281cc4dff1254b296a01d44fb82e2f4429c097

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 15:37:20 GMT
x-goog-meta-goog-reserved-file-mtime
1654523226
x-guploader-uploadid
ADPycdsaiCE3nz85ej8-JIVK9QSa-pgFs9x0lpwXQx2jIdKpQwCnKv-84_v6fkoBFsRqD2nDJKl3YJ451mbe_NXD0jqBgADdmSsZ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11212
last-modified
Mon, 06 Jun 2022 13:47:14 GMT
server
UploadServer
etag
"4214dc67ae278be15c31a168a845edb5"
x-goog-generation
1654523234621228
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=AStsVA==, md5=QhTcZ64ni+FcMaFoqEXttQ==
access-control-expose-headers
Content-Type
cache-control
private, max-age=0
x-goog-stored-content-length
11212
accept-ranges
bytes
expires
Fri, 16 Dec 2022 15:37:20 GMT
539755995
api.luckycart.com/y4hnl2U6/game/ 		9 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.luckycart.com/y4hnl2U6/game/539755995
Requested by
Host: integration.luckycart.com
URL: https://integration.luckycart.com/js-sdk/sdk/dist/luckycart.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
1a33a259e9bd6d800b017b4e476d2ce792a8419e22620b9a42d57f4a75e48a01
Security Headers
Name Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
X-DNS-Prefetch-Control
off
p3p
CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Connection
keep-alive
Content-Length
8837
X-XSS-Protection
0
Referrer-Policy
strict-origin-when-cross-origin
Server
LuckyCart
ETag
W/"2285-Y/Lp0opUOePqWcnyzXVDYN29JT8"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://go.luckycart.com
Feature-Policy
fullscreen 'self';speaker 'self'
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With
nr-1123.min.js
js-agent.newrelic.com/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1123.min.js
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
94cdf5b7f868883de0e1248cd80b42dd84e3f38685f2b234747550c02190dc82

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 varnish
date
Fri, 16 Dec 2022 15:37:20 GMT
x-amz-request-id
0VBXRYNXC40ZZSNQ
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
9288
x-amz-id-2
2PRl9BczrXQV6rmlerK08DnMRfkfE4l4T67sP6sRLWhT+gT1W/KQ212QkYmw5vXay9WURxX5rHk=
x-served-by
cache-cdg20734-CDG
last-modified
Fri, 22 Mar 2019 14:06:15 GMT
server
AmazonS3
x-timer
S1671205040.386412,VS0,VE0
etag
"7ffb242072196e9db5f4f1bfbfa2ed7d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
38
c2a4a624fd
bam.nr-data.net/1/ 		49 B
620 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/c2a4a624fd?a=17231012&sa=1&v=1123.df1c7f8&t=Unnamed%20Transaction&rst=786&ref=https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS&be=699&fe=715&dc=714&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1671205039616,%22n%22:0,%22f%22:193,%22dn%22:193,%22dne%22:373,%22c%22:373,%22s%22:395,%22ce%22:420,%22rq%22:421,%22rp%22:532,%22rpe%22:553,%22dl%22:535,%22di%22:705,%22ds%22:705,%22de%22:714,%22dc%22:714,%22l%22:714,%22le%22:715%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1123.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://go.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Transfer-Encoding
chunked
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
access-control-allow-credentials
true
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
CF-Ray
77a87feeecb8f844-CDG
/
experiences.luckycart.com/ Frame 0123 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
Requested by
Host: go.luckycart.com
URL: https://go.luckycart.com/carrefour/OeboBf/play/FNUJ-DJBI-QQBY-VWJS?remind=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
b1a9c7211bab35bd76e6bc3e8050024e5fc8060f67d39674c22daf44d61b244f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://go.luckycart.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Type
Cache-Control
private, max-age=0
Connection
keep-alive
Content-Length
1497
Content-Type
text/html
Date
Fri, 16 Dec 2022 15:37:20 GMT
ETag
"bbb5bd68bc1530b85a1b1c1fc0ca29a2"
Expires
Fri, 16 Dec 2022 15:37:20 GMT
Last-Modified
Mon, 21 Nov 2022 16:12:54 GMT
Server
LuckyCart
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-GUploader-UploadID
ADPycdsb_gTlyNXXNwhcMsxwr-NIW9EjAH8txRCp91LbjIIjXTwwSElQGbVHNFyzcJlfKv6NGfBguYyKM2BR9m9Jd2TOURmoueca
x-goog-generation
1669047174610887
x-goog-hash
crc32c=exjf/g== md5=u7W9aLwVMLhaGxwfwMopog==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1497
main.3a2f76b1.js
experiences.luckycart.com/static/js/ Frame 0123 		453 KB
454 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://experiences.luckycart.com/static/js/main.3a2f76b1.js
Requested by
Host: experiences.luckycart.com
URL: https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
974239bac4a9c2c983202f05ba367ecf0f6462f6762457340d909958822516bb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-GUploader-UploadID
ADPycdsT9HjUz5JiDWJnomL78oNje1NHLw4lsnR0Vq_7CYv2DTmb_pPcCeOFj_RcAmU5LEYCyr1V8szRK9Xl3MCHIai_9oe-7Imm
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
Connection
keep-alive
Content-Length
464288
Last-Modified
Mon, 21 Nov 2022 16:12:55 GMT
Server
LuckyCart
ETag
"f384c18c56111bb2e159e0414ff70a69"
x-goog-generation
1669047175161652
Content-Type
application/javascript
Access-Control-Allow-Origin
*
x-goog-hash
crc32c=JIciiw==, md5=84TBjFYRG7LhWeBBT/cKaQ==
Access-Control-Expose-Headers
Content-Type
Cache-Control
private, max-age=0
x-goog-stored-content-length
464288
Accept-Ranges
bytes
Expires
Fri, 16 Dec 2022 15:37:20 GMT
main.3d7c4d0a.css
experiences.luckycart.com/static/css/ Frame 0123 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://experiences.luckycart.com/static/css/main.3d7c4d0a.css
Requested by
Host: experiences.luckycart.com
URL: https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
f9d594009d1181c8a6302d607aabb167b521674c9d0aa6675e0045fba48e6e1a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://experiences.luckycart.com/?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508&cartUid=539755995&ticketCode=FNUJ-DJBI-QQBY-VWJS
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-GUploader-UploadID
ADPycdu6vJ0-EUocYqP830bjTEUNqQQvxwraPd1sNdRBrcBnLU4Io6FFDkmcLKi-AugLYzcaDP_4-w2sYbibZZ3z6529o9aO3DY3
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
Connection
keep-alive
Content-Length
5782
Last-Modified
Mon, 21 Nov 2022 16:12:54 GMT
Server
LuckyCart
ETag
"1a2b7e0c91a7fd95465c279fa02d913b"
x-goog-generation
1669047174676023
Content-Type
text/css
Access-Control-Allow-Origin
*
x-goog-hash
crc32c=+wR5bg==, md5=Git+DJGn/ZVGXCefoC2ROw==
Access-Control-Expose-Headers
Content-Type
Cache-Control
private, max-age=0
x-goog-stored-content-length
5782
Accept-Ranges
bytes
Expires
Fri, 16 Dec 2022 15:37:20 GMT
y4hnl2U6
api.luckycart.com/v3/siteConfig/ Frame 0123 		7 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.luckycart.com/v3/siteConfig/y4hnl2U6
Requested by
Host: experiences.luckycart.com
URL: https://experiences.luckycart.com/static/js/main.3a2f76b1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
f6ab151511063cbd32ed91d549666286ff3103bf084a935db544ebdf8533adb2
Security Headers
Name Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://experiences.luckycart.com/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
X-DNS-Prefetch-Control
off
p3p
CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Connection
keep-alive
Content-Length
6880
X-XSS-Protection
0
Referrer-Policy
strict-origin-when-cross-origin
Server
LuckyCart
ETag
W/"1ae0-V7Anfh71dK8rPa/7baAEpUh/0G0"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://experiences.luckycart.com
Feature-Policy
fullscreen 'self';speaker 'self'
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With
games
api.luckycart.com/cart/ Frame 0123 		594 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.luckycart.com/cart/games?cartId=539755995&customerId=a5298c069d5608bc879fc72fa65d119ab77e5508&auth_key=y4hnl2U6
Requested by
Host: experiences.luckycart.com
URL: https://experiences.luckycart.com/static/js/main.3a2f76b1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
10de70010297689f7d9708982e8ab57fd882b4c187f8294963821696a63fe053
Security Headers
Name Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://experiences.luckycart.com/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:20 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
X-DNS-Prefetch-Control
off
p3p
CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Connection
keep-alive
Content-Length
594
X-XSS-Protection
0
Referrer-Policy
strict-origin-when-cross-origin
Server
LuckyCart
ETag
W/"252-9GgZVoLtRtRZaw2gwSEf82yV+rI"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://experiences.luckycart.com
Feature-Policy
fullscreen 'self';speaker 'self'
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With
FNUJ-DJBI-QQBY-VWJS
api.luckycart.com/v3/gameConfig/ Frame 0123 		6 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.luckycart.com/v3/gameConfig/FNUJ-DJBI-QQBY-VWJS?siteKey=y4hnl2U6&customerUid=a5298c069d5608bc879fc72fa65d119ab77e5508
Requested by
Host: experiences.luckycart.com
URL: https://experiences.luckycart.com/static/js/main.3a2f76b1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.77.251.68 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.251.77.34.bc.googleusercontent.com
Software
LuckyCart /
Resource Hash
6b5d249bc0b7f1e76e499867f2e0c86d8f5f1c14071061a3161704232d589eb3
Security Headers
Name Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://experiences.luckycart.com/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 15:37:21 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
X-DNS-Prefetch-Control
off
p3p
CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Connection
keep-alive
Content-Length
6496
X-XSS-Protection
0
Referrer-Policy
strict-origin-when-cross-origin
Server
LuckyCart
ETag
W/"1960-4U2pCnLgL92hF5S2aYJTJZUrxrk"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://experiences.luckycart.com
Feature-Policy
fullscreen 'self';speaker 'self'
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With
alreadyPlayed-page-background_1655305312046.jpg
statics.luckycart.com/design/carrefour/3QjDVg/images/ Frame 0123 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://statics.luckycart.com/design/carrefour/3QjDVg/images/alreadyPlayed-page-background_1655305312046.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.92.179 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.92.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
289641d151cfd14dcddfcccb5141cf94fd18293650a3bf4ef634c330a17f6c3c

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://experiences.luckycart.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 15:37:21 GMT
age
0
x-guploader-uploadid
ADPycdvxL8grkV-hC52I2xkOrkDbiUiMaV5cvxGUEGz2Z11ASD7lcp340KNVaf9awJibX3E6lFEzEkUWXMA6uJjpltDc0w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27903
last-modified
Wed, 15 Jun 2022 15:01:52 GMT
server
UploadServer
etag
"d5a1f20a493cc2f0fb9d3108de92d68e"
x-goog-generation
1655305312111027
x-goog-hash
crc32c=AHh84w==, md5=1aHyCkk8wvD7nTEI3pLWjg==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
27903
accept-ranges
bytes
content-type
image/jpeg
expires
Fri, 16 Dec 2022 16:37:21 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange function| $ function| jQuery function| popupwindow object| NREUM object| newrelic function| __nr_require object| _LC_

1 Cookies

Domain/Path Name / Value
.nr-data.net/ Name: JSESSIONID
Value: d386e1278fe20808

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;connect-src *.luckycart.com s3-eu-west-1.amazonaws.com fonts.googleapis.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.storage.googleapis.com *.vimeo.com vimeo.com *.grandjeu.leclerc *.zdassets.com *.zendesk.com;img-src http: *.luckycart.com s3-eu-west-1.amazonaws.com *.googleusercontent.com code.jquery.com bam.nr-data.net www.google-analytics.com www.google.com www.google.fr seal.godaddy.com data: *.storage.googleapis.com;frame-src *;style-src *.luckycart.com code.jquery.com fonts.googleapis.com 'unsafe-inline' s3-eu-west-1.amazonaws.com *.storage.googleapis.com;font-src http: *.luckycart.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com s3-eu-west-1.amazonaws.com github.com *.storage.googleapis.com;script-src *.youtube.com *.ytimg.com *.vimeo.com vimeo.com *.luckycart.com ajax.googleapis.com code.jquery.com s3-eu-west-1.amazonaws.com js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com seal.godaddy.com js-agent.newrelic.com *.iti-maps.fr www.google.com www.gstatic.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.storage.googleapis.com maps.googleapis.com polyfill.io *.zdassets.com *.zendesk.com;media-src *.luckycart.com s3-eu-west-1.amazonaws.com *.storage.googleapis.com;report-uri /csp-violation
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0