promo.leovegas.com Open in urlscan Pro
2a03:b0c0:3:e0::1b:1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ufbry.tanglescanner.com/fe
Effective URL:
https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4ii...
Submission: On April 25 via automatic, source openphish (April 25th 2020, 12:51:54 pm UTC)

Summary HTTP 66 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 25 IPs in 9 countries across 26 domains to perform 66 HTTP transactions. The main IP is 2a03:b0c0:3:e0::1b:1, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is promo.leovegas.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 18th 2020. Valid for: 3 months.

This is the only time promo.leovegas.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	46.41.136.161 46.41.136.161	12824 (HOMEPL-AS) (HOMEPL-AS)
2 2	212.32.249.99 212.32.249.99	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	185.255.178.215 185.255.178.215	202933 (CLOUDSOLU...) (CLOUDSOLUTIONS)
1 1	107.154.248.103 107.154.248.103	19551 (INCAPSULA) (INCAPSULA)
1 1	52.212.3.250 52.212.3.250	16509 (AMAZON-02) (AMAZON-02)
1 13	2a03:b0c0:3:e... 2a03:b0c0:3:e0::1b:1	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.89.129 143.204.89.129	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE)
21	2600:9000:21f... 2600:9000:21f3:b400:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
5	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
1	107.154.248.168 107.154.248.168	19551 (INCAPSULA) (INCAPSULA)
4	2a00:1450:400... 2a00:1450:4001:819::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
1	91.228.74.211 91.228.74.211	27281 (QUANTCAST) (QUANTCAST)
1	2600:9000:215... 2600:9000:2156:8400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.29.6.185 52.29.6.185	16509 (AMAZON-02) (AMAZON-02)
1 3	18.197.235.0 18.197.235.0	16509 (AMAZON-02) (AMAZON-02)
6 6	3.120.19.19 3.120.19.19	16509 (AMAZON-02) (AMAZON-02)
1	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE)
1	74.214.194.139 74.214.194.139	59940 (PULSEPOIN...) (PULSEPOINT-EU)
1	52.30.142.234 52.30.142.234	16509 (AMAZON-02) (AMAZON-02)
2 3	51.75.146.199 51.75.146.199	16276 (OVH) (OVH)
1 1	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	52.16.76.117 52.16.76.117	16509 (AMAZON-02) (AMAZON-02)
1	35.157.140.233 35.157.140.233	16509 (AMAZON-02) (AMAZON-02)
2 2	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
66	25

1 46.41.136.161 (Poland)

ASN12824 (HOMEPL-AS, PL)

ufbry.tanglescanner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.32.249.99 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

url-partners.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.178.215 (Russian Federation)

ASN202933 (CLOUDSOLUTIONS, RU)
PTR: blc2.oli

fdfjhks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.154.248.103 (United States) 1 redirects

ASN19551 (INCAPSULA, US)
PTR: 107.154.248.103.ip.incapdns.net

ads.leovegas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.3.250 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-3-250.eu-west-1.compute.amazonaws.com

leo-promo-redirect-service.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:b0c0:3:e0::1b:1 (Frankfurt am Main, Germany) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

promo.leovegas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.129 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-129.fra50.r.cloudfront.net

media.ascend.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:21f3:b400:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.4.39 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.154.248.168 (United States)

ASN19551 (INCAPSULA, US)
PTR: 107.154.248.168.ip.incapdns.net

www.leovegas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:819::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.211 (United Kingdom)

ASN27281 (QUANTCAST, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:8400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.6.185 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-6-185.eu-central-1.compute.amazonaws.com

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.235.0 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-235-0.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.120.19.19 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-19-19.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.150 (United Kingdom)

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.194.139 (Amsterdam, Netherlands)

ASN59940 (PULSEPOINT-EU, NL)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.142.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-142-234.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.146.199 (Germany) 2 redirects

ASN16276 (OVH, FR)
PTR: p12.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.87 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.76.117 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-76-117.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.140.233 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-140-233.eu-central-1.compute.amazonaws.com

match.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	ctfassets.net images.ctfassets.net	752 KB
15	leovegas.com 2 redirects ads.leovegas.com promo.leovegas.com www.leovegas.com	513 KB
6	bidswitch.net 6 redirects x.bidswitch.net	3 KB
5	adform.net track.adform.net	41 KB
4	google-analytics.com www.google-analytics.com	62 KB
4	gstatic.com fonts.gstatic.com	46 KB
3	id5-sync.com 2 redirects id5-sync.com	4 KB
3	creative-serving.com 1 redirects ads.creative-serving.com	2 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net cm.g.doubleclick.net	2 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	7 KB
2	g2afse.com 2 redirects url-partners.g2afse.com	363 B
1	justpremium.com match.justpremium.com	647 B
1	adnxs.com 1 redirects ib.adnxs.com	736 B
1	gumgum.com rtb.gumgum.com	237 B
1	contextweb.com bh.contextweb.com	468 B
1	1rx.io sync.1rx.io	185 B
1	quantcount.com rules.quantcount.com	1 KB
1	google.de www.google.de	499 B
1	google.com www.google.com	499 B
1	googletagmanager.com www.googletagmanager.com	28 KB
1	ascend.ai media.ascend.ai	91 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	herokuapp.com 1 redirects leo-promo-redirect-service.herokuapp.com	342 B
1	fdfjhks.com fdfjhks.com	483 B
1	tanglescanner.com ufbry.tanglescanner.com	2 KB
66	26

	Domain	Requested by
21	images.ctfassets.net	promo.leovegas.com
13	promo.leovegas.com	1 redirects promo.leovegas.com
6	x.bidswitch.net	6 redirects
5	track.adform.net	ufbry.tanglescanner.com track.adform.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	fonts.gstatic.com	promo.leovegas.com
3	id5-sync.com	2 redirects
3	ads.creative-serving.com	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	dpm.demdex.net	1 redirects
2	url-partners.g2afse.com	2 redirects
1	match.justpremium.com
1	ib.adnxs.com	1 redirects
1	rtb.gumgum.com
1	bh.contextweb.com
1	sync.1rx.io
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	track.adform.net
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.leovegas.com	promo.leovegas.com
1	www.googletagmanager.com	promo.leovegas.com
1	media.ascend.ai	promo.leovegas.com
1	fonts.googleapis.com	promo.leovegas.com
1	leo-promo-redirect-service.herokuapp.com	1 redirects
1	ads.leovegas.com	1 redirects
1	fdfjhks.com
1	ufbry.tanglescanner.com
66	30

This site contains links to these domains. Also see Links.

Domain
www.authorisation.mga.org.mt
secure.gamblingcommission.gov.uk
spillemyndigheden.dk
www.begambleaware.org
www.gamcare.org.uk
www.gamblersanonymous.org
www.leosafeplay.com

Subject Issuer	Validity	Valid
brand.leovegas.com Let's Encrypt Authority X3	`2020-04-18` - `2020-07-17`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.ascend.ai Network Solutions OV Server CA 2	`2017-07-21` - `2020-07-27`	3 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
images.contentful.com Amazon	`2019-04-06` - `2020-05-06`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
www.leovegas.com DigiCert SHA2 Extended Validation Server CA	`2020-03-06` - `2022-06-02`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-01` - `2020-06-24`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.creative-serving.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-27` - `2021-04-02`	2 years	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2019-06-28` - `2021-06-27`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2018-07-07` - `2020-06-03`	2 years	crt.sh
*.gumgum.com Amazon	`2019-07-31` - `2020-08-31`	a year	crt.sh
*.id5-sync.com Let's Encrypt Authority X3	`2020-04-02` - `2020-07-01`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
tracking.justpremium.com Amazon	`2019-12-24` - `2021-01-24`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Frame ID: 962595751858608FA9F9A3432947A781
Requests: 76 HTTP requests in this frame

Frame: https://track.adform.net/serving/container/?pm=497538&lid=31340545&ctype=0&media=0&PageName=mc-casino-lp&rnd=1726967832&cpref=&loc=https%3a%2f%2fpromo.leovegas.com%2fde%2fmc-casino%3fqs%3dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli
Frame ID: EBF00376104A1A8BFBA1E8AE6DC155FA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ufbry.tanglescanner.com/fe Page URL
http://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
https://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875 Page URL
https://ads.leovegas.com/redirect.aspx?pid=3651445&lpid=686&bid=13186&click_id=02-eocryck4iij43pmyv1u... HTTP 301
https://leo-promo-redirect-service.herokuapp.com/mc-casino/?btag=665659_7D8157989B5646A09427E3B9E97D1985&click_id=02-eocryck4... HTTP 301
https://promo.leovegas.com/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%... HTTP 301
https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_... Page URL

Detected technologies

Gatsby (Static Site Generator) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Gatsby(?: ([0-9.]+))?$/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i
meta generator /^Gatsby(?: ([0-9.]+))?$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Gatsby(?: ([0-9.]+))?$/i

Page Statistics

66
Requests

97 %
HTTPS

33 %
IPv6

26
Domains

30
Subdomains

25
IPs

9
Countries

1548 kB
Transfer

2794 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.authorisation.mga.org.mt/verification.aspx?lang=EN&company=726b906b-4fe8-4cf9-9294-0a6a8a808d90&details=1

Search URL Search Domain Scan URL

URL: https://secure.gamblingcommission.gov.uk/PublicRegister/Search/Detail/39198

Search URL Search Domain Scan URL

URL: https://spillemyndigheden.dk/

Search URL Search Domain Scan URL

URL: https://www.begambleaware.org/

Search URL Search Domain Scan URL

URL: http://www.gamcare.org.uk/

Search URL Search Domain Scan URL

URL: http://www.gamblersanonymous.org/ga/

Search URL Search Domain Scan URL

URL: https://www.leosafeplay.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ufbry.tanglescanner.com/fe Page URL
http://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
https://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875 Page URL
https://ads.leovegas.com/redirect.aspx?pid=3651445&lpid=686&bid=13186&click_id=02-eocryck4iij43pmyv1umcw1odab HTTP 301
https://leo-promo-redirect-service.herokuapp.com/mc-casino/?btag=665659_7D8157989B5646A09427E3B9E97D1985&click_id=02-eocryck4iij43pmyv1umcw1odab&pid=3651445&bid=13186 HTTP 301
https://promo.leovegas.com/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186 HTTP 301
https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
https://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875 HTTP 302
http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875

Request Chain 68

https://ads.creative-serving.com/pixel?id=3151410&type=js HTTP 302
https://ads.creative-serving.com/ul_cb/pixel?id=3151410&type=js

Request Chain 69

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=413 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=413 HTTP 302
https://sync.1rx.io/usersync/bidswitch/7f50bcbe-73e5-4dd9-b9fd-64e8201594c1?gdpr=&gdpr_consent=

Request Chain 70

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=905 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=905 HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1

Request Chain 71

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=924 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=924 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1

Request Chain 72

https://id5-sync.com/s/101/a5f8000c-2c05-41f0-b4b0-6a8b705326c2/1.gif HTTP 302
https://id5-sync.com/c/101/101/1/1.gif?puid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&gdpr=1&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/101/2/0/2.gif?puid=$UID&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/c/101/2/0/2.gif?puid=0&gdpr=1&gdpr_consent=

Request Chain 73

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2

Request Chain 75

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm=&google_sc=&google_tc= HTTP 302
https://ads.creative-serving.com/gcm?google_gid=CAESECUI00SsH6GpwS9hOKOGkRA&google_cver=1

66 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK fe Show response
ufbry.tanglescanner.com/ 2 KB
2 KB 234ms
200ms Document
text/html 46.41.136.161
HOMEPL-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ufbry.tanglescanner.com/fe
Protocol: HTTP/1.1
Server: 46.41.136.161 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
Software: nginx/1.16.1 / PHP/7.2.29
Resource Hash: f3175546b933ff3e2b00031335deffb637a0bf9af0217eb3ef27cbbd201b1f94

Request headers

Host: ufbry.tanglescanner.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx/1.16.1
Date: Sat, 25 Apr 2020 12:51:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1919
Connection: keep-alive
X-Powered-By: PHP/7.2.29

GET
H/1.1

200
OK

Cookie set xAkYYsMCA
fdfjhks.com/
Redirect Chain

http://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875
https://url-partners.g2afse.com/sl?id=5c9c1eb18d8a1100341a0442&pid=12875
http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875

237 B
483 B

177ms
107ms

Document
text/html

185.255.178.215
CLOUDSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875
Protocol: HTTP/1.1
Server: 185.255.178.215 , Russian Federation, ASN202933 (CLOUDSOLUTIONS, RU),
Reverse DNS: blc2.oli
Software: nginx /
Resource Hash

Request headers

Host: fdfjhks.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://ufbry.tanglescanner.com/fe
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://ufbry.tanglescanner.com/fe

Response headers

Server: nginx
Date: Sat, 25 Apr 2020 12:51:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: cco_10573_15550=1; path=/; expires=Sun, 26 Apr 2020 12:51:17 GMT; httponly

Redirect headers

status: 302
server: nginx
date: Sat, 25 Apr 2020 12:51:17 GMT
content-type: text/html; charset=utf-8
content-length: 103
location: http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875

GET
H2

200

Primary Request / Show response
promo.leovegas.com/de/mc-casino/
Redirect Chain

https://ads.leovegas.com/redirect.aspx?pid=3651445&lpid=686&bid=13186&click_id=02-eocryck4iij43pmyv1umcw1odab
https://leo-promo-redirect-service.herokuapp.com/mc-casino/?btag=665659_7D8157989B5646A09427E3B9E97D1985&click_id=02-eocryck4iij43pmyv1umcw1odab&pid=3651445&bid=13186
https://promo.leovegas.com/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186

114 KB
34 KB

330ms
330ms

Document
text/html

2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

13070ea2580a294d3f939e38bb38cf344a9bb812cfd7c1c86fe96261a9735c45

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: promo.leovegas.com
:scheme: https
:path: /de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3651445%2c%22BID%22%3a13186%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1587819078186)%5c%2f%22%2c%22CookieTag%22%3a%2213186365144553327938C20204251351%22%7d%5d; visid_incap_1837241=JwcDF6w0Rbu5x7o7oVLyNEUypF4AAAAAQUIPAAAAAACk/kYje6S12p3kEwQMmlA4; incap_ses_128_1837241=yeM0ZZ88DHcIUu43c8HGAUUypF4AAAAA16nLnbYCc+NIscSuNfQZmA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://fdfjhks.com/xAkYYsMCA?offer=smartlink&cat=18&sub1=&sub2=12875

Response headers

status: 200
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/html; charset=UTF-8
date: Sat, 25 Apr 2020 12:51:18 GMT
etag: "4ba62b0eda24c7c97ed8854e357b6cab-ssl-df"
link: </webpack-runtime.js>; rel=preload; as=script, </framework.js>; rel=preload; as=script, </app.js>; rel=preload; as=script, </777cf710.js>; rel=preload; as=script, </1fc11354f2c2e400d577cdb5177599fbb89aa4a3.js>; rel=preload; as=script, </component---src-templates-casino-index-js.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/de/mc-casino/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-encoding: gzip
age: 0
server: Netlify
vary: Accept-Encoding
x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952812

Redirect headers

status: 301
cache-control: public, max-age=0, must-revalidate
content-length: 168
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/plain; charset=utf-8
date: Sat, 25 Apr 2020 12:51:18 GMT
location: /de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
age: 0
server: Netlify
x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952743

GET
H2 200 webpack-runtime.js Show response
promo.leovegas.com/ 3 KB
1 KB 10ms
7ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/webpack-runtime.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

c912fa208445fceb853c23973e36a27b376b5182cc556958c90d3d3b495b92eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952929
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "06e40c2b7ada10980d61ce2dcc63c1ec-ssl-df"
age: 9353
status: 200
strict-transport-security: max-age=31536000
content-length: 1311
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 framework.js Show response
promo.leovegas.com/ 126 KB
39 KB 10ms
8ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/framework.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

11e8a65724727f8d85f6e67b2898ec44667603de266f8852c7fc61380a4ba333

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952930
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "593600366a14f528e844efdee58dea5d-ssl-df"
age: 9353
status: 200
strict-transport-security: max-age=31536000
content-length: 40292
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 app.js Show response
promo.leovegas.com/ 93 KB
31 KB 14ms
12ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

a080c536e41b95ac928442ffa1aae2821385f4231133427cb3253dd1e161ebb8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952931
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "54d2a5bebdb62c0ee74f498864c8c140-ssl-df"
age: 9353
status: 200
strict-transport-security: max-age=31536000
content-length: 31161
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 777cf710.js Show response
promo.leovegas.com/ 76 KB
27 KB 20ms
18ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/777cf710.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

d2008d7ac43ddc199651ebf76b1a974f8af49cfb11ec6e54f157697d77e46f14

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952932
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "4a4038b47dd9ad292b9f18126a355f48-ssl-df"
age: 9353
status: 200
strict-transport-security: max-age=31536000
content-length: 27567
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 1fc11354f2c2e400d577cdb5177599fbb89aa4a3.js Show response
promo.leovegas.com/ 756 KB
256 KB 20ms
19ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/1fc11354f2c2e400d577cdb5177599fbb89aa4a3.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

b8aec6d1e7579b5ddd014fed003866641dc90ceb9b6af62954604c2fdfa5e323

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952933
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "6f803b3a6f88e3e83dd21386f43b421b-ssl-df"
age: 9356
status: 200
strict-transport-security: max-age=31536000
content-length: 261642
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:22 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 component---src-templates-casino-index-js.js Show response
promo.leovegas.com/ 6 KB
3 KB 21ms
19ms Script
application/javascript 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/component---src-templates-casino-index-js.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

f5f6e2d84fe9da053ccf36ed6c8c0d84508303b63b8a179834ab24120f32d634

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952934
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "535da7c79b133a2fff25e47518a56814-ssl-df"
age: 9353
status: 200
strict-transport-security: max-age=31536000
content-length: 2706
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 app-data.json
promo.leovegas.com/page-data/ 50 B
196 B 21ms
20ms Other
application/json 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/page-data/app-data.json

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

7b5165ebffb365f7fc2989eaa06cdf638ad38629983f555cd1c4c7126e31e13d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Origin: https://promo.leovegas.com

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952935
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
x-content-type-options: nosniff
age: 9353
status: 200
vary: Accept-Encoding
content-length: 70
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:25 GMT
strict-transport-security: max-age=31536000
content-type: application/json
cache-control: public, max-age=0, must-revalidate
etag: "a94d6122bbbd7b57f03b024d5d78afea-ssl-df"
accept-ranges: bytes

GET
H2 200 page-data.json
promo.leovegas.com/page-data/de/mc-casino/ 17 KB
8 KB 21ms
20ms Other
application/json 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/page-data/de/mc-casino/page-data.json

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

3f19e7d6f3aa8a8b8ba3d0b5cfba6a4e3ba348cca25f7b40ed4dd62fe3f18c69

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Origin: https://promo.leovegas.com

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1952936
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
x-content-type-options: nosniff
age: 9304
status: 200
vary: Accept-Encoding
content-length: 8000
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:16:14 GMT
strict-transport-security: max-age=31536000
content-type: application/json
cache-control: public, max-age=0, must-revalidate
etag: "652249c970104ce7c6b40518a0f1e15e-ssl-df"
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 29ms
18ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,400,700i,900,900i

Requested by

Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7517a962ddd39d42b154057e9f81656e3dc856c3693bd12a1042dcad23133b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 25 Apr 2020 12:51:19 GMT
server: ESF
date: Sat, 25 Apr 2020 12:51:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 25 Apr 2020 12:51:19 GMT

GET
H2 200 ascend.js Show response
media.ascend.ai/c/263109690-2/ 306 KB
91 KB 45ms
12ms Script
application/javascript 143.204.89.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://media.ascend.ai/c/263109690-2/ascend.js
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.89.129 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-89-129.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9c4847a0d5251f76524c7aefa089734059c97c62f16b0d3c5dac587adce460cb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: LBRbvlo.U3.dv2iWI6DT_5HciL715bpw
content-encoding: gzip
last-modified: Fri, 20 Sep 2019 09:57:20 GMT
server: AmazonS3
age: 72432
date: Sat, 25 Apr 2020 10:16:00 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: lWqUYRWJR4a0UEY5aj4pSlA08k972ivfJHl3J0u4Xj8_QdaJaDBqfQ==
via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 85 KB
28 KB 28ms
15ms Script
application/javascript 2a00:1450:4001:814::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WGS5KD

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ecedee93ded5c7db153d592965cb4423572d78e99d91c73854b568dcdf606467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28011
x-xss-protection: 0
last-modified: Sat, 25 Apr 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 25 Apr 2020 12:51:19 GMT

GET
H2 200 leovegas-casino-logo-367bf0deb4e013be3595f5a913451492.svg
promo.leovegas.com/static/ 12 KB
6 KB 6ms
6ms Image
image/svg+xml 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo.leovegas.com/static/leovegas-casino-logo-367bf0deb4e013be3595f5a913451492.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

ce6756a7c10ff1f8be82a1e4e94a18bb8e68c2f19df87df9cb8168c6dda2fd5a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1953021
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-encoding: gzip
etag: "7ed1246ee7d51f0a1ec48d1b1a28632b-ssl-df"
age: 9357
status: 200
strict-transport-security: max-age=31536000
content-length: 5532
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
date: Sat, 25 Apr 2020 10:15:22 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 applepay.png
images.ctfassets.net/kijvoxi4q0zn/5fAzQuERh4KWhLdzerXt8T/0c844bbb38fc0d46d484a70606383036/ 4 KB
4 KB 32ms
11ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/5fAzQuERh4KWhLdzerXt8T/0c844bbb38fc0d46d484a70606383036/applepay.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: ff0abbe78f7491c5fcec8a61fc9d0e61c36da4b91826afe60236065b68bcfde0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:54 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234566
etag: "f2f94d27e26e6144f3b7aeea4105d9bd"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 3665
x-amz-cf-id: cfbzAvnjM_f45kaaGgQgzjvc9HEYpCGWBzPmRkTsPechXRPiSvdfDw==

GET
H2 200 sofortklarna.png
images.ctfassets.net/kijvoxi4q0zn/2CAIGpcyAQ6UGC2c00EOIw/b4e98e832fe525ce78bfbda0833264e5/ 6 KB
6 KB 35ms
14ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/2CAIGpcyAQ6UGC2c00EOIw/b4e98e832fe525ce78bfbda0833264e5/sofortklarna.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: b14a7f9c486e98dee1363e7fe513bfb4a1f85cccd620aa93f9492c9b1669c70d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:54 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "594c21590f36927ee691ddb66fa9ba0e"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 5744
x-amz-cf-id: PvEW_WUOwWlr3vy_r8c7M3eI6lYZxI1S4dNx6UlVakEBIBZ2X_vsIQ==

GET
H2 200 visa.png
images.ctfassets.net/kijvoxi4q0zn/3ViLoK5xpS4ewO4S0uCyey/5d6f669d7115ef736e8249079161d49a/ 4 KB
4 KB 35ms
14ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/3ViLoK5xpS4ewO4S0uCyey/5d6f669d7115ef736e8249079161d49a/visa.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 273960782964d6c98b7784d94eef99d63d8bf70c80a48a3d77da0c8191989c39

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "3564f544731f0c9e221f694ab9a1975e"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 3630
x-amz-cf-id: MX4wwckUVxFghgaifLcDu3yI9d5_QHI0ukZoZsSWDSk9SB9Dk_Y-Jw==

GET
H2 200 Trustly_Tuv-2.png
images.ctfassets.net/kijvoxi4q0zn/5sdxGe4ZqUvNnK5ko7izet/0894eec06f86d90ef22617837d8ade22/ 161 KB
161 KB 36ms
16ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/5sdxGe4ZqUvNnK5ko7izet/0894eec06f86d90ef22617837d8ade22/Trustly_Tuv-2.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: cb161a4f6a97c9db3ed2aa1816123c5952a4483ddd4a9574f3bdaee2ac8ca090

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 25 Apr 2020 00:07:44 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
last-modified: Mon, 27 Jan 2020 15:48:25 GMT
server: Contentful Images API
age: 45816
etag: "762b9457233e21809bbd58d0075e3dc7"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 164793
x-amz-cf-id: 52fS-vsBux1nPr-yQ0pWIPl5egbTzKjSufBLYw7b0OuVPhr-jnykgQ==

GET
H2 200 paysafe.png
images.ctfassets.net/kijvoxi4q0zn/41nin6pA92SG2EO06iaYEO/76548fa568856af2df611d3fdaa5b9a0/ 2 KB
3 KB 48ms
27ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/41nin6pA92SG2EO06iaYEO/76548fa568856af2df611d3fdaa5b9a0/paysafe.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 21bb3c933ccc576c2f6d75e583fbb2bcaac5e37c71ed4644754cdaab692bf74a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "62f2a79a770caf4f38e58fd5c4a91f5f"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 2453
x-amz-cf-id: kVgXDQEHiyxItruoGh77TFhlIDkS3hwhn4g0VXXjuLgBttI3fVOicw==

GET
H2 200 skrill.png
images.ctfassets.net/kijvoxi4q0zn/c9n7WDRBqosmIY4E2ugQa/7c26eb0f1c21cdd89d87720931f56e3d/ 2 KB
3 KB 48ms
28ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/c9n7WDRBqosmIY4E2ugQa/7c26eb0f1c21cdd89d87720931f56e3d/skrill.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 145f3844ee4625769479e42ed319920f5e1d65350ce8798bf44c899ef0034793

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "b68c991eb7ce56009d8cf05ffccbc54f"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 2476
x-amz-cf-id: RGa6yVN-blLEh9XImc25PMDUsHk2t92YQZPXRzHm22GBAaGtV57Dcw==

GET
H2 200 neteller.png
images.ctfassets.net/kijvoxi4q0zn/5BDClCPzlCK06wcmCgwiIK/809768fb004de199cf7c9e94386691ae/ 3 KB
3 KB 28ms
26ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/5BDClCPzlCK06wcmCgwiIK/809768fb004de199cf7c9e94386691ae/neteller.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 21b0443189f0b628070b7b4fae484173a0edb5c031136340a6935b6b9c0eb73b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "5274c381b9bb26fb04edf7e4aa0cb3bd"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 2893
x-amz-cf-id: oUToWu6veQcJYrbqRDiRkTgW3xd9KDFZM2USr_KogBWfRjdIKOdXVQ==

GET
H2 200 muchbetter.png
images.ctfassets.net/kijvoxi4q0zn/6yfaHmr92639QNJORJpNzx/2a484641a584e6a25b5afbdda83fac61/ 8 KB
8 KB 28ms
26ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/6yfaHmr92639QNJORJpNzx/2a484641a584e6a25b5afbdda83fac61/muchbetter.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 46a27f94467663b145c20012a640f58cd0167911d9a8330ccc399a205a323e1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "44af0959532af0b396537fa2bbdde90a"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 7950
x-amz-cf-id: VIKqhEuSU0nYi9lLRA8xfW-iS5YQ_6ljNHcwXjoE3J2m45GmhQTYCQ==

GET
H2 200 EGR-Nordics-CasinoOperator-2017.png
images.ctfassets.net/kijvoxi4q0zn/6f6dOX7sD6Q8ukcwOwMykE/ada4ae647e5ef6cdd7587ae7dc0b49bd/ 32 KB
32 KB 29ms
26ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/6f6dOX7sD6Q8ukcwOwMykE/ada4ae647e5ef6cdd7587ae7dc0b49bd/EGR-Nordics-CasinoOperator-2017.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: f2902780cf44600bf868dd9ec81ba7862abec95b97cff8651762bf1a8b90dfb8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "9705e60efb9329a3514ac4df0a1b889b"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 32306
x-amz-cf-id: BrLmnFMltI9p9v5Cz5nqR820cxNSMxeL-NKbNLt1m_PlgsZ-dPCYbg==

GET
H2 200 EGR-Nordics-CasinoOperator-2016.png
images.ctfassets.net/kijvoxi4q0zn/4yEYKbj8JWEC2Gc02QuuWY/8b42c8e676005e55fe3deb01ccef0837/ 32 KB
32 KB 31ms
29ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/4yEYKbj8JWEC2Gc02QuuWY/8b42c8e676005e55fe3deb01ccef0837/EGR-Nordics-CasinoOperator-2016.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 0c48b773fbf650a8222bc9b7beaaff31923a67e2adc29f42e15ac46c677d85cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "ad9a7d687628c9928fbd2ed7aa364af2"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 32551
x-amz-cf-id: t5QtpPKNyyG2NHsreIaSu01YRgLQRA2nTknIKTKns8z34tno4CEhXw==

GET
H2 200 iphonex-app-218eb6220330196f383e34ef4e9d714e.png
promo.leovegas.com/static/ 66 KB
66 KB 7ms
6ms Image
image/png 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo.leovegas.com/static/iphonex-app-218eb6220330196f383e34ef4e9d714e.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

e5b74ea28e08ec3cfc168a3d8179d4b528514e6ddd2f87af11797d126e507a6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1953030
content-security-policy: frame-ancestors 'self' https://optimize.google.com
x-content-type-options: nosniff
age: 9357
status: 200
date: Sat, 25 Apr 2020 10:15:22 GMT
content-length: 67225
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "9529facc0599e062ffea733ea282c5cb-ssl"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 mga.png
images.ctfassets.net/kijvoxi4q0zn/2Uc4dcnb0cUSEgUqKeYmk8/5549d2a0745b2483ea3e5fbea1422682/ 4 KB
4 KB 31ms
29ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/2Uc4dcnb0cUSEgUqKeYmk8/5549d2a0745b2483ea3e5fbea1422682/mga.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 2ede25a0ac2405841be39bb212ab00eb1db622ae8c06a6cbfa1f21cc20a94bf6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "9f179ffc68cc8efa5a8dc6d543c42f10"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 3665
x-amz-cf-id: 80A6xsF1K3pQ9fadRKJfA5h_uNP5noFHAniVcvPNOs0tAJtKnHiPaQ==

GET
H2 200 gambling-commission.png
images.ctfassets.net/kijvoxi4q0zn/4Nb9hNN54c4S0oiCUa4ESm/c6602fe3b62546091d35592a4273c530/ 6 KB
6 KB 32ms
30ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/4Nb9hNN54c4S0oiCUa4ESm/c6602fe3b62546091d35592a4273c530/gambling-commission.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 5ffe45acf226a47230a5c69a51c1675b02ec885015106de4af29eec99961fc0a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "19e7e8eaf95d3d620d7824eae5b3ab8b"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 5888
x-amz-cf-id: uicwPgeH6ztIO6KpGKflhwlDjr55590bHvHRCvzdnlqGzMcEoCf44A==

GET
H2 200 license3.png
images.ctfassets.net/kijvoxi4q0zn/1QrpFMgzA4ea8gYcOmus4q/4f46552fd36bb194b222f0b6c252154a/ 6 KB
7 KB 38ms
36ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/1QrpFMgzA4ea8gYcOmus4q/4f46552fd36bb194b222f0b6c252154a/license3.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: a63d3c65ea6fb8f61859c63e4f4b966c2ffaca62733d62064acf7fcc82d0b5e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "0b78d1564ae1add09bba65d11ed32bc7"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 6324
x-amz-cf-id: RifT2jLB39qMEswbYtqZ2tSKp4_UbhzMyUou4f4-qyeZOasTRi3Lhg==

GET
H2 200 eu.png
images.ctfassets.net/kijvoxi4q0zn/2nPMd5FgoYGmgmQic6QcoK/41fbb4126551a01649fc1c471864cdd8/ 4 KB
4 KB 33ms
31ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/2nPMd5FgoYGmgmQic6QcoK/41fbb4126551a01649fc1c471864cdd8/eu.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: b855baad3ab0ad04962f7f418073e6a433589e52c45c9077e82d0786077e6329

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "3345ac39791029391aba953adb6c54e8"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 3664
x-amz-cf-id: BmFoNaiVUsX2Hl51gDDWFarMDefR1FTy49vw2V_hBawjHUtPKW8xWQ==

GET
H2 200 begambleaware.png
images.ctfassets.net/kijvoxi4q0zn/4n5itn9bJeauCqAYGIYEc8/54f339e439f7b365d8a19824aefafbb5/ 5 KB
5 KB 33ms
31ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/4n5itn9bJeauCqAYGIYEc8/54f339e439f7b365d8a19824aefafbb5/begambleaware.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 02920491695411e238e7fbc665cb602f6f314db84721495b6d5c10b452fc9e59

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "3c8fe3f2334e33daa00c0aac5ad53975"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 5187
x-amz-cf-id: v2iz2tSHWfP4tIdP9AONghS_nObUk1WlAgOKXvsrapwAmsxLSgi5sA==

GET
H2 200 gamcare.png
images.ctfassets.net/kijvoxi4q0zn/62kAEz4BsAEqeaCI2ciGss/6e22bf0f1696b261eeddf0a5916cfd40/ 3 KB
3 KB 36ms
34ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/62kAEz4BsAEqeaCI2ciGss/6e22bf0f1696b261eeddf0a5916cfd40/gamcare.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 6e1587a49a2d4640c0936ab3c7b63bc37d4186b4033ecefd256bc7c1f982bb9f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "ad6b57b26bbacb687f3603f27855ecc6"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 2783
x-amz-cf-id: ixZdcg724g1AxUSSgQ4sAm2mtlMQcSrcdZn7vRytg9-DPzs0bAlXGg==

GET
H2 200 ga.png
images.ctfassets.net/kijvoxi4q0zn/59JQfnohhYqM2oI0wgOQoq/26fdfac0b667ea33c73f2145447f5cf1/ 3 KB
3 KB 37ms
35ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/59JQfnohhYqM2oI0wgOQoq/26fdfac0b667ea33c73f2145447f5cf1/ga.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 0ab3d4ad2b0c990a9de580274dd61f2c4d4369f3b1d81a2ca1def837327bd24f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "52ef383d695dcb79c5a345367acff73e"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 2717
x-amz-cf-id: _C3xDWLb0auB5B1l4EFFHEDK38ye1DQBFJyFj_tpIeuq-l1npr-log==

GET
H2 200 leosafeplay.png
images.ctfassets.net/kijvoxi4q0zn/7o9AdRaiWWyKm2A0qWmi62/94f9d8aa5b81a09b5d64fedadfdf07bb/ 3 KB
4 KB 37ms
35ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/7o9AdRaiWWyKm2A0qWmi62/94f9d8aa5b81a09b5d64fedadfdf07bb/leosafeplay.png
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 617d2a8d89bbdbebbe32227d6a72072658bce3da4a04fc704044e92bff2f9106

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:55 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "7ebf07cbf623c5893084c393bbc9d588"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 3552
x-amz-cf-id: DhJ1Ch8Gh9y_SNPprdbSsVo9L0udMjh0_WGVLSo3C8tGJ1bDS6UOgQ==

GET
DATA 200
OK truncated
/ 559 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9d708d7b66909acfdc846cf5728ed6bfa7e719555704c0c3f60c1679a51f1d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccac1881f0aa30ce6e0b27faca92813dec7f738c9bc477de7f0ff3cd97d80e4d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc3aa232da577d5cd0e40070a0cfce5bba8255e505e115c79cd6ab180b5c1e03

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1aa27217bcc70dcac6d0771b3691f0fb7cad2b3d789c9c5a68ae3343a8f8189

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a62f202a036f31afbe29957893501fd9788b8b7da68fd937f09a4748c80dfe24

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc882ad45e5baf2dd7ba934608807387d7acc22b5f05d3ed94e7ed057dd3fa44

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7432ef865494c910726e0e9b7f4cd34d33ffd95a0804dfae8695872794a11e87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1006 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c4e40525446376e67437bb87b5e547a5113d20ec4281de744b1f17beb18a388

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 593 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ade492e71a709b0ae66a7d625ab7114a519ad73726eb8d079510e5af293a8f2b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f9c92e1a12ac6e0fc59919f0c3fc20cf9dc1bd8d78db4ea7b28298bc80038ff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 22ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,700i,900,900i
Origin: https://promo.leovegas.com

Response headers

date: Wed, 08 Apr 2020 19:25:36 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:08 GMT
server: sffe
age: 1445143
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 11012
x-xss-protection: 0
expires: Thu, 08 Apr 2021 19:25:36 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 25ms
11ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,700i,900,900i
Origin: https://promo.leovegas.com

Response headers

date: Wed, 01 Apr 2020 18:22:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2053736
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 11016
x-xss-protection: 0
expires: Thu, 01 Apr 2021 18:22:23 GMT

GET
H2 200 Roboto-ExtraBlack-625fcf1eb91d0f28698b2b3308daaa35.ttf
promo.leovegas.com/static/ 41 KB
41 KB 7ms
6ms Font
font/ttf 2a03:b0c0:3:e0::1b:1
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://promo.leovegas.com/static/Roboto-ExtraBlack-625fcf1eb91d0f28698b2b3308daaa35.ttf

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:e0::1b:1 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Netlify /

Resource Hash

6a32e11a4c8e46e4b95553e27f336bc3ff424298cb36b814dd5f8b793a06ce8a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://optimize.google.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://promo.leovegas.com/de/mc-casino/?qs=btag%253D665659_7D8157989B5646A09427E3B9E97D1985%2526click_id%253D02-eocryck4iij43pmyv1umcw1odab%2526pid%253D3651445%2526bid%253D13186
Origin: https://promo.leovegas.com

Response headers

x-nf-request-id: dbd31ef6-814a-4c33-8c75-cc1673da47ca-1953043
content-security-policy: frame-ancestors 'self' https://optimize.google.com
x-content-type-options: nosniff
age: 9382
status: 200
date: Sat, 25 Apr 2020 10:14:57 GMT
content-length: 41500
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "057738e969bc0d2d07ce7ad3e9d479b5-ssl"
strict-transport-security: max-age=31536000
content-type: font/ttf
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 23ms
12ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,700i,900,900i
Origin: https://promo.leovegas.com

Response headers

date: Sat, 04 Apr 2020 09:56:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 1824880
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 11180
x-xss-protection: 0
expires: Sun, 04 Apr 2021 09:56:39 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2
fonts.gstatic.com/s/roboto/v20/ 12 KB
13 KB 16ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:100,300,400,700i,900,900i
Origin: https://promo.leovegas.com

Response headers

date: Fri, 10 Apr 2020 07:40:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:03 GMT
server: sffe
age: 1314664
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 12688
x-xss-protection: 0
expires: Sat, 10 Apr 2021 07:40:15 GMT

GET
H2 200 / Show response
track.adform.net/serving/scripts/trackpoint/async/ 76 KB
30 KB 74ms
32ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/scripts/trackpoint/async/

Requested by

Host: ufbry.tanglescanner.com
URL: http://ufbry.tanglescanner.com/fe

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Host,Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 30712
expires: Sat, 02 May 2020 12:51:19 GMT

GET
H2 200 set-affiliate-domain-cookie
www.leovegas.com/ 0
0 656ms
567ms Fetch
application/json 107.154.248.168
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leovegas.com/set-affiliate-domain-cookie?btag=665659_7D8157989B5646A09427E3B9E97D1985&pid=3651445&bid=13186&clickid=undefined&subid=undefined&lobby=casino
Requested by: Host: promo.leovegas.com
URL: https://promo.leovegas.com/component---src-templates-casino-index-js.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.248.168 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.248.168.ip.incapdns.net
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 524 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e26ecb19c4ba59662297647d7d608a8f273c49e9c6fdd9e30a0808dfdbe5c18

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WGS5KD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 764
date: Sat, 25 Apr 2020 12:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Sat, 25 Apr 2020 14:38:35 GMT

GET
H2 200 ATCH_-_New_BoD_-_LP_pop_up.png
images.ctfassets.net/kijvoxi4q0zn/3XtQZkFw7Yg4uoQE8uMkoI/e5fd59d70c8e464a255c116cc439aae4/ 191 KB
191 KB 9ms
8ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/3XtQZkFw7Yg4uoQE8uMkoI/e5fd59d70c8e464a255c116cc439aae4/ATCH_-_New_BoD_-_LP_pop_up.png?w=635&h=210&q=50
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: d86df079f0b6629337bd9b94f8ff18a8b9feba0d99f5861b551b8a074174f741

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Jan 2020 15:41:54 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
server: Contentful Images API
age: 9234565
etag: "001445646bef1dfb3ca9bfb58528304d"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 195184
x-amz-cf-id: xyyCZKoZ8FRMfQP9veSlqxgtLNjxUE-odEGbm9MDtvFCRFQkXKW7yg==

GET
H2 200 UKlobby__2_.png
images.ctfassets.net/kijvoxi4q0zn/1mMnhZGjw8GIkuO26y8k6o/ddec6433a4123f578a0e2fe9987d89ee/ 112 KB
113 KB 11ms
10ms Image
image/png 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/1mMnhZGjw8GIkuO26y8k6o/ddec6433a4123f578a0e2fe9987d89ee/UKlobby__2_.png?w=800&h=763&q=50
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: ea5d67097e832df5374afa6ebf75466d3308c62a206c0931d54aee7ae36088e4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 24 Apr 2020 21:17:38 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
last-modified: Thu, 19 Mar 2020 11:37:28 GMT
server: Contentful Images API
age: 56021
etag: "9f443c7ce919ffa9c08fb5e38998a3d0"
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 114900
x-amz-cf-id: hLPjHhtpKafxHKCERr4u5fhQex6IK2EGfPcWcVH-h2laOd4jcTFyOw==

GET
H2 200 DE_MC-CASINO_DESKTOP.jpg
images.ctfassets.net/kijvoxi4q0zn/5vJ0jkR5LiOE6w48wmU2As/0c4161b2cd85e35c279182ff0d570d45/ 156 KB
156 KB 12ms
12ms Image
image/jpeg 2600:9000:21f3:b400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/kijvoxi4q0zn/5vJ0jkR5LiOE6w48wmU2As/0c4161b2cd85e35c279182ff0d570d45/DE_MC-CASINO_DESKTOP.jpg?w=1920&h=1080&q=50
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 70a1f9af063368df68b8fe1902cdd9d21a487a25083d1b68b449ca73496a6420

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 24 Apr 2020 16:14:04 GMT
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
last-modified: Wed, 22 Apr 2020 11:26:51 GMT
server: Contentful Images API
age: 74235
etag: "0345304def9258e67416ffb456ec65a7"
status: 200
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
content-length: 159512
x-amz-cf-id: DajfB8xPC79M7BbNVnOd10CZA1nuEDcgtNM0HO1g2fyF_US5Q4qiWA==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
211 B 13ms
13ms XHR
text/plain 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j81&aip=1&a=1063024706&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.leovegas.com%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526click_id%25253D02-eocryck4iij43pmyv1umcw1odab%252526pid%25253D3651445%252526bid%25253D13186&dp=%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526click_id%25253D02-eocryck4iij43pmyv1umcw1odab%252526pid%25253D3651445%252526bid%25253D13186&ul=en-us&de=UTF-8&dt=Casino%20f%C3%BCr%20Mobilger%C3%A4te%20und%20Online-Casino%20-%20Spielen%20Sie%20Casino-Spiele%20online%20oder%20auf%20Ihrem%20Mobilger%C3%A4t%20%7C%20LeoVegas%20Casino&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ci=665659&cn=13186&cs=665659&cm=affiliate&_u=YEBAAMABAAAAAC~&jid=964966788&gjid=331791658&cid=1486054343.1587819080&tid=UA-25600410-30&_gid=1185307010.1587819080&_r=1&gtm=2wg4f0WGS5KD&cd1=665659&cd3=3651445&cd4=leo&cd7=de&cd32=87&cd35=8&z=1815018436

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://promo.leovegas.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 50ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-25600410-30&cid=1486054343.1587819080&jid=964966788&gjid=331791658&_gid=1185307010.1587819080&_u=YEBAAMAAAAAAAC~&z=1100629975

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 25 Apr 2020 12:51:19 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://promo.leovegas.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/Serving/TrackPoint/ 18 KB
9 KB 23ms
23ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?pm=497538&ADFPageName=mc-casino-lp&ADFdivider=%7C&ord=930952758979&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fpromo.leovegas.com%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a1fbed4c31a07d9d7ff6cd26b102c74c5434df3ed4d6e4860ca11aa08e60beb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 8872
expires: -1

GET
H2 200 / Show response
track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dFqwomevLNDrhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7s... 1 KB
1 KB 24ms
23ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dFqwomevLNDrhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt3Q9cUVlOrXTAxw63UYOKES5jfzmkflFflczl998tp7ppfAaZ6m1CdC5MQjGejuTDRNziCvTDfWocQTPOKSfB6QqgXK_Pmtd0UbUV8afuyPBC2TDf6DTlfTPU8bDdYejftckuyPBDjaY2ftckkCoq75uQ0ISOTdToBjN0VrAR0odm_dhrxbuJjkWxv5iJ3A0KAGYjAU.0Y.KI.I_5DK1e6SubtXjmxjTlfe2Rc7L1eWNNW5BNlYiJklY5B5Rhj.JNldj1DxqAeL9.gJ0Nc1lF4XVA4.L9.KNc0FAKXV4JhL90ftctDL90ftctDL9.J1pNc0FAKXV4jMk..pz/serving/trackpoint/?pm=497538&ADFPageName=mc-casino-lp&ADFdivider=%7c&ord=930952758979&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&loc=https%3a%2f%2fpromo.leovegas.com%2fde%2fmc-casino%3fqs%3dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli&catdt=0

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3ff6648f1afd250ee28b14104dfb9961343a3f39f27f83a019cad68b060450c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 974
expires: -1

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
499 B 30ms
16ms Image
image/gif 2a00:1450:4001:81b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j81&tid=UA-25600410-30&cid=1486054343.1587819080&jid=964966788&_u=YEBAAMAAAAAAAC~&z=1473192458

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
499 B 30ms
17ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j81&tid=UA-25600410-30&cid=1486054343.1587819080&jid=964966788&_u=YEBAAMAAAAAAAC~&z=1473192458

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
track.adform.net/serving/container/ Frame EBF0 0
0 20ms
20ms Document
text/html 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/container/?pm=497538&lid=31340545&ctype=0&media=0&PageName=mc-casino-lp&rnd=1726967832&cpref=&loc=https%3a%2f%2fpromo.leovegas.com%2fde%2fmc-casino%3fqs%3dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: track.adform.net
:scheme: https
:path: /serving/container/?pm=497538&lid=31340545&ctype=0&media=0&PageName=mc-casino-lp&rnd=1726967832&cpref=&loc=https%3a%2f%2fpromo.leovegas.com%2fde%2fmc-casino%3fqs%3dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=-7183897335707452635
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: nginx
date: Sat, 25 Apr 2020 12:51:19 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 13 KB
6 KB 118ms
29ms Script
application/x-javascript 91.228.74.211
QUANTCAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: track.adform.net
URL: https://track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dFqwomevLNDrhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt3Q9cUVlOrXTAxw63UYOKES5jfzmkflFflczl998tp7ppfAaZ6m1CdC5MQjGejuTDRNziCvTDfWocQTPOKSfB6QqgXK_Pmtd0UbUV8afuyPBC2TDf6DTlfTPU8bDdYejftckuyPBDjaY2ftckkCoq75uQ0ISOTdToBjN0VrAR0odm_dhrxbuJjkWxv5iJ3A0KAGYjAU.0Y.KI.I_5DK1e6SubtXjmxjTlfe2Rc7L1eWNNW5BNlYiJklY5B5Rhj.JNldj1DxqAeL9.gJ0Nc1lF4XVA4.L9.KNc0FAKXV4JhL90ftctDL90ftctDL9.J1pNc0FAKXV4jMk..pz/serving/trackpoint/?pm=497538&ADFPageName=mc-casino-lp&ADFdivider=%7c&ord=930952758979&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&loc=https%3a%2f%2fpromo.leovegas.com%2fde%2fmc-casino%3fqs%3dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli&catdt=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.211 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 25 Apr 2020 12:51:19 GMT
Content-Encoding: gzip
Last-Modified: Sat, 25-Apr-2020 12:51:19 GMT
Server: QS
Etag: M0-56c8c653
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Strict-Transport-Security: max-age=86400
Content-Length: 5651
Expires: Sat, 02 May 2020 12:51:19 GMT

GET
H2 200 / Show response
track.adform.net/Serving/TrackPoint/ 106 B
589 B 21ms
21ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?pm=497538&ADFPageName=Sc_Ret&ADFdivider=%7C&ord=479447630906&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fpromo.leovegas.com%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526cli

Requested by

Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f4ece62d0a6e6c4bc5e7e7abda70ad5600b0c7c4e6bb3c1ae5619e7057424d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 182
expires: -1

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 71 KB
25 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NZW9CHB&t=gtm87&cid=1486054343.1587819080&aip=true

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02779ea93852309d201c97290abab4b846597363c31c27d6426bcfe2b363870c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 25 Apr 2020 12:51:19 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 25793
x-xss-protection: 0
expires: Sat, 25 Apr 2020 12:51:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WGS5KD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 764
date: Sat, 25 Apr 2020 12:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Sat, 25 Apr 2020 14:38:35 GMT

GET
H2 200 rules-p-qv3RqfmexMYyL.js Show response
rules.quantcount.com/ 914 B
1 KB 24ms
12ms Script
application/x-javascript 2600:9000:2156:8400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-qv3RqfmexMYyL.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:8400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ab9ed0744611d8f0343da4b94847994eeb56dfe17ea90163e3ffcce0a9ac550

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 25 Apr 2020 12:18:18 GMT
via: 1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
last-modified: Tue, 15 Oct 2019 08:49:10 GMT
server: AmazonS3
age: 1982
etag: "df68c6cf604f6bb845eaebca281b8631"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 914
x-amz-cf-id: iJdr6Xuksn-I9Gb1Otmt_-bwN1OtTtFNEVSnvP1dw6a9yOcFt7Y8cA==

GET
H/1.1 200
OK pixel;r=1910743465;labels=_fp.event.Homepage;rf=0;a=p-qv3RqfmexMYyL;url=https%3A%2F%2Fpromo.leovegas.com%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526click_id%25...
pixel.quantserve.com/ 35 B
796 B 25ms
9ms Image
image/gif 52.29.6.185
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1910743465;labels=_fp.event.Homepage;rf=0;a=p-qv3RqfmexMYyL;url=https%3A%2F%2Fpromo.leovegas.com%2Fde%2Fmc-casino%3Fqs%3Dbtag%25253D665659_7D8157989B5646A09427E3B9E97D1985%252526click_id%25253D02-eocryck4iij43pmyv1umcw1odab%252526pid%25253D3651445%252526bid%25253D13186;fpan=1;fpa=P0-1460708501-1587819079881;ns=0;ce=1;qjs=1;qv=0e9a7da-20191205140709;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1587819079881;tzo=-120;ogl=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.6.185 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-6-185.eu-central-1.compute.amazonaws.com

Software

QS /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 25 Apr 2020 12:51:19 GMT
Server: QS
Strict-Transport-Security: max-age=86400
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

pixel Show response
ads.creative-serving.com/ul_cb/
Redirect Chain

https://ads.creative-serving.com/pixel?id=3151410&type=js
https://ads.creative-serving.com/ul_cb/pixel?id=3151410&type=js

870 B
1 KB

9ms
9ms

Script
text/javascript

18.197.235.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.creative-serving.com/ul_cb/pixel?id=3151410&type=js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.235.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-235-0.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c53955dfde0bb0f3714507d51eed0860cc6e75728df95e2131b5f0f5f964dec3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 25 Apr 2020 12:51:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 870
Content-Type: text/javascript

Redirect headers

Location: https://ads.creative-serving.com/ul_cb/pixel?id=3151410&type=js
Date: Sat, 25 Apr 2020 12:51:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

204
No Content

7f50bcbe-73e5-4dd9-b9fd-64e8201594c1
sync.1rx.io/usersync/bidswitch/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=413
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=413
https://sync.1rx.io/usersync/bidswitch/7f50bcbe-73e5-4dd9-b9fd-64e8201594c1?gdpr=&gdpr_consent=

0
185 B

90ms
22ms

Image
text/plain

213.19.147.150
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1rx.io/usersync/bidswitch/7f50bcbe-73e5-4dd9-b9fd-64e8201594c1?gdpr=&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.19.147.150 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 25 Apr 2020 12:51:29 GMT
Cache-Control: no-store, no-cache, must-revalidate
Server: nginx
Connection: keep-alive
Expires: 0

Redirect headers

status: 302
date: Sat, 25 Apr 2020 12:51:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.1rx.io/usersync/bidswitch/7f50bcbe-73e5-4dd9-b9fd-64e8201594c1?gdpr=&gdpr_consent=
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

rtset
bh.contextweb.com/bh/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=905
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=905
https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1

49 B
468 B

66ms
23ms

Image
image/gif

74.214.194.139
PULSEPOINT-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

74.214.194.139 Amsterdam, Netherlands, ASN59940 (PULSEPOINT-EU, NL),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-64dff769d7-klrnh
expires: -1

Redirect headers

status: 302
date: Sat, 25 Apr 2020 12:51:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=924
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&ssp=&expires=30&user_group=2&cb=924
https://rtb.gumgum.com/usersync?b=bsw&i=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1

35 B
237 B

92ms
32ms

Image
image/gif

52.30.142.234
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.142.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-142-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:29 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
status: 200
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

status: 302
date: Sat, 25 Apr 2020 12:51:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //rtb.gumgum.com/usersync?b=bsw&i=7f50bcbe-73e5-4dd9-b9fd-64e8201594c1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200

2.gif
id5-sync.com/c/101/2/0/
Redirect Chain

https://id5-sync.com/s/101/a5f8000c-2c05-41f0-b4b0-6a8b705326c2/1.gif
https://id5-sync.com/c/101/101/1/1.gif?puid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2&gdpr=1&gdpr_consent=
https://ib.adnxs.com/getuid?https://id5-sync.com/c/101/2/0/2.gif?puid=$UID&gdpr=1&gdpr_consent=
https://id5-sync.com/c/101/2/0/2.gif?puid=0&gdpr=1&gdpr_consent=

43 B
1 KB

31ms
31ms

Image
image/gif

51.75.146.199
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/101/2/0/2.gif?puid=0&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.75.146.199 , Germany, ASN16276 (OVH, FR),

Reverse DNS

p12.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 25 Apr 2020 12:51:29 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Pragma: no-cache
Date: Sat, 25 Apr 2020 12:51:31 GMT
X-Proxy-Origin: 83.97.23.35; 83.97.23.35; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.24:80
AN-X-Request-Uuid: 4d3e6af9-b99d-4274-b7da-3f712df6f949
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://id5-sync.com/c/101/2/0/2.gif?puid=0&gdpr=1&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2

42 B
915 B

31ms
31ms

Image
image/gif

52.16.76.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.76.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-76-117.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v066-03714cc40.edge-irl1.demdex.com 5.67.0.20200415110424 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: eUYvPo5+Szc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: S3h9dUj5TRk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p161
match.justpremium.com/match/ 43 B
647 B 34ms
7ms Image
image/gif 35.157.140.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/p161?ex_uid=a5f8000c-2c05-41f0-b4b0-6a8b705326c2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.140.233 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-140-233.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sat, 25 Apr 2020 12:51:29 GMT
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

gcm
ads.creative-serving.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm=&google_sc=&google_tc=
https://ads.creative-serving.com/gcm?google_gid=CAESECUI00SsH6GpwS9hOKOGkRA&google_cver=1

43 B
300 B

14ms
14ms

Image
image/gif

18.197.235.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/gcm?google_gid=CAESECUI00SsH6GpwS9hOKOGkRA&google_cver=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.235.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-235-0.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 25 Apr 2020 12:51:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 25 Apr 2020 12:51:29 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.creative-serving.com/gcm?google_gid=CAESECUI00SsH6GpwS9hOKOGkRA&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.creative-serving.com
ads.leovegas.com
bh.contextweb.com
cm.g.doubleclick.net
dpm.demdex.net
fdfjhks.com
fonts.googleapis.com
fonts.gstatic.com
ib.adnxs.com
id5-sync.com
images.ctfassets.net
leo-promo-redirect-service.herokuapp.com
match.justpremium.com
media.ascend.ai
pixel.quantserve.com
promo.leovegas.com
rtb.gumgum.com
rules.quantcount.com
secure.quantserve.com
stats.g.doubleclick.net
sync.1rx.io
track.adform.net
ufbry.tanglescanner.com
url-partners.g2afse.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.leovegas.com
x.bidswitch.net
107.154.248.103
107.154.248.168
143.204.89.129
172.217.23.162
18.197.235.0
185.255.178.215
185.33.221.87
212.32.249.99
213.19.147.150
2600:9000:2156:8400:6:44e3:f8c0:93a1
2600:9000:21f3:b400:12:94b3:c380:93a1
2a00:1450:4001:80b::2003
2a00:1450:4001:814::2008
2a00:1450:4001:819::200e
2a00:1450:4001:81b::2003
2a00:1450:4001:81b::2004
2a00:1450:4001:825::200a
2a00:1450:400c:c0c::9a
2a03:b0c0:3:e0::1b:1
3.120.19.19
35.157.140.233
37.157.4.39
46.41.136.161
51.75.146.199
52.16.76.117
52.212.3.250
52.29.6.185
52.30.142.234
74.214.194.139
91.228.74.211
02779ea93852309d201c97290abab4b846597363c31c27d6426bcfe2b363870c
02920491695411e238e7fbc665cb602f6f314db84721495b6d5c10b452fc9e59
0ab3d4ad2b0c990a9de580274dd61f2c4d4369f3b1d81a2ca1def837327bd24f
0c48b773fbf650a8222bc9b7beaaff31923a67e2adc29f42e15ac46c677d85cc
11e8a65724727f8d85f6e67b2898ec44667603de266f8852c7fc61380a4ba333
13070ea2580a294d3f939e38bb38cf344a9bb812cfd7c1c86fe96261a9735c45
145f3844ee4625769479e42ed319920f5e1d65350ce8798bf44c899ef0034793
1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d
21b0443189f0b628070b7b4fae484173a0edb5c031136340a6935b6b9c0eb73b
21bb3c933ccc576c2f6d75e583fbb2bcaac5e37c71ed4644754cdaab692bf74a
273960782964d6c98b7784d94eef99d63d8bf70c80a48a3d77da0c8191989c39
2c4e40525446376e67437bb87b5e547a5113d20ec4281de744b1f17beb18a388
2ede25a0ac2405841be39bb212ab00eb1db622ae8c06a6cbfa1f21cc20a94bf6
3ab9ed0744611d8f0343da4b94847994eeb56dfe17ea90163e3ffcce0a9ac550
3f19e7d6f3aa8a8b8ba3d0b5cfba6a4e3ba348cca25f7b40ed4dd62fe3f18c69
3ff6648f1afd250ee28b14104dfb9961343a3f39f27f83a019cad68b060450c5
46a27f94467663b145c20012a640f58cd0167911d9a8330ccc399a205a323e1d
4e26ecb19c4ba59662297647d7d608a8f273c49e9c6fdd9e30a0808dfdbe5c18
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5ffe45acf226a47230a5c69a51c1675b02ec885015106de4af29eec99961fc0a
617d2a8d89bbdbebbe32227d6a72072658bce3da4a04fc704044e92bff2f9106
6a32e11a4c8e46e4b95553e27f336bc3ff424298cb36b814dd5f8b793a06ce8a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e1587a49a2d4640c0936ab3c7b63bc37d4186b4033ecefd256bc7c1f982bb9f
70a1f9af063368df68b8fe1902cdd9d21a487a25083d1b68b449ca73496a6420
7432ef865494c910726e0e9b7f4cd34d33ffd95a0804dfae8695872794a11e87
7b5165ebffb365f7fc2989eaa06cdf638ad38629983f555cd1c4c7126e31e13d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8f9c92e1a12ac6e0fc59919f0c3fc20cf9dc1bd8d78db4ea7b28298bc80038ff
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9c4847a0d5251f76524c7aefa089734059c97c62f16b0d3c5dac587adce460cb
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a080c536e41b95ac928442ffa1aae2821385f4231133427cb3253dd1e161ebb8
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1fbed4c31a07d9d7ff6cd26b102c74c5434df3ed4d6e4860ca11aa08e60beb4
a62f202a036f31afbe29957893501fd9788b8b7da68fd937f09a4748c80dfe24
a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265
a63d3c65ea6fb8f61859c63e4f4b966c2ffaca62733d62064acf7fcc82d0b5e8
a9d708d7b66909acfdc846cf5728ed6bfa7e719555704c0c3f60c1679a51f1d6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ade492e71a709b0ae66a7d625ab7114a519ad73726eb8d079510e5af293a8f2b
b14a7f9c486e98dee1363e7fe513bfb4a1f85cccd620aa93f9492c9b1669c70d
b855baad3ab0ad04962f7f418073e6a433589e52c45c9077e82d0786077e6329
b8aec6d1e7579b5ddd014fed003866641dc90ceb9b6af62954604c2fdfa5e323
bc882ad45e5baf2dd7ba934608807387d7acc22b5f05d3ed94e7ed057dd3fa44
c53955dfde0bb0f3714507d51eed0860cc6e75728df95e2131b5f0f5f964dec3
c912fa208445fceb853c23973e36a27b376b5182cc556958c90d3d3b495b92eb
cb161a4f6a97c9db3ed2aa1816123c5952a4483ddd4a9574f3bdaee2ac8ca090
ccac1881f0aa30ce6e0b27faca92813dec7f738c9bc477de7f0ff3cd97d80e4d
ce6756a7c10ff1f8be82a1e4e94a18bb8e68c2f19df87df9cb8168c6dda2fd5a
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d2008d7ac43ddc199651ebf76b1a974f8af49cfb11ec6e54f157697d77e46f14
d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929
d7517a962ddd39d42b154057e9f81656e3dc856c3693bd12a1042dcad23133b4
d86df079f0b6629337bd9b94f8ff18a8b9feba0d99f5861b551b8a074174f741
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b74ea28e08ec3cfc168a3d8179d4b528514e6ddd2f87af11797d126e507a6a
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
ea5d67097e832df5374afa6ebf75466d3308c62a206c0931d54aee7ae36088e4
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecedee93ded5c7db153d592965cb4423572d78e99d91c73854b568dcdf606467
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1aa27217bcc70dcac6d0771b3691f0fb7cad2b3d789c9c5a68ae3343a8f8189
f2902780cf44600bf868dd9ec81ba7862abec95b97cff8651762bf1a8b90dfb8
f3175546b933ff3e2b00031335deffb637a0bf9af0217eb3ef27cbbd201b1f94
f4ece62d0a6e6c4bc5e7e7abda70ad5600b0c7c4e6bb3c1ae5619e7057424d45
f5f6e2d84fe9da053ccf36ed6c8c0d84508303b63b8a179834ab24120f32d634
fc3aa232da577d5cd0e40070a0cfce5bba8255e505e115c79cd6ab180b5c1e03
ff0abbe78f7491c5fcec8a61fc9d0e61c36da4b91826afe60236065b68bcfde0

promo.leovegas.com Open in urlscan Pro 2a03:b0c0:3:e0::1b:1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

66 Requests

97 %HTTPS

33 %IPv6

26 Domains

30 Subdomains

25 IPs

9 Countries

1548 kBTransfer

2794 kBSize

0 Cookies

7 Outgoing links

Page URL History

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

promo.leovegas.com Open in urlscan Pro
2a03:b0c0:3:e0::1b:1 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

97 %
HTTPS

33 %
IPv6

26
Domains

30
Subdomains

25
IPs

9
Countries

1548 kB
Transfer

2794 kB
Size

0
Cookies

66 HTTP transactions
11 data transactions