walter-larence.com/9fc12c44-a119-4c92-b8c4-8b0991149ad0
302 0 B URL HTTP/1.1 walter-larence.com/9fc12c44-a119-4c92-b8c4-8b0991149ad0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /9fc12c44-a119-4c92-b8c4-8b0991149ad0 HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Tue, 13 Sep 2022 13:56:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o
Pragma: no-cache
Set-Cookie: 9fc12c44-a119-4c92-b8c4-8b0991149ad0-v4=s5JoHd5wQchpQYu_1Kns7XYOnn6wDf3u4wx08gMH5FU; Max-Age=86400; Expires=Wed, 14-Sep-2022 13:56:03 GMT; Domain=walter-larence.com; Path=/; HttpOnly
cc-v4=cJAieG0B8dj9KsHFtrnWBe%2FL8g536sZG9cOqC9afdtDyKMVQ%2B8T1GFI0x9V%2FFg7GKfVewwqFw8tXmpEIc4bgVOnlCFisB9imnxjYDWAQyIwfv8qRud5yk0zzLrTEqRAHIeP%2FldKjmBueJ%2BL%2FXlWXwA%3D%3D; Max-Age=31536000; Expires=Wed, 13-Sep-2023 13:56:03 GMT; Domain=walter-larence.com; Path=/; HttpOnly
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 13 Sep 2022 17:00:05 GMT
Date: Tue, 13 Sep 2022 13:56:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 13:08:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zG9igv-pSQkdNL37z8Ucp8RtdGkifOhafZakMjzjVvLOIPGLONYo7g==
Age: 2838
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -h9cdCqAx-cDVQINkpTklB9ZBMW8lr5mr0pOvpIIKNw3mIrZmmZpXA==
age: 33649
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 13:56:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 13 Sep 2022 13:03:22 GMT
Cache-Control: max-age=3600
Expires: Tue, 13 Sep 2022 13:12:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oPMV8YwOfS2NOQfrH2u16HknT7d5YalPfjQ3DmjSbJAaKFm8-bi-hg==
Age: 3161
ocsp.digicert.com/
200 OK 471 B IP
Hash e96dbe1b54932c8f447bbbfc9d31cfb0
b15d4a54fbdf95b0af8bd34b6f8ef03055eef0cd
427326963ac1ef6ddeeaf52ab07807c694b82effa6111671ada8270b1faecdae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3049
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Last-Modified: Tue, 13 Sep 2022 13:05:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SpFNL7rC1ia97Izl5Fx/Kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bg8CWwdrhjLmBLp/OlFEjCvSaug=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic,cyrillic-ext
200 OK 1.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic,cyrillic-ext
IP
Hash de8583fcb6e3708c5e4254a74264dbca
cced9d1566fd09d75f44cdb9c4086bee8466ba2a
69901c75b552059f3bbc8499859ae9679c26ea6bf0689fba38f6fcb91077557d
GET /css?family=Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic,cyrillic-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 13 Sep 2022 13:56:04 GMT
date: Tue, 13 Sep 2022 13:56:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.gmlinteractive.com/myaccount/images/betano_sprite.png?3be2ce7b-1663061976035
200 OK 174 kB URL HTTP/2 static.gmlinteractive.com/myaccount/images/betano_sprite.png?3be2ce7b-1663061976035
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 174 kB (174470 bytes)
Hash 374a8e11d6ec895ea3cc678871d4b6c8
7840d7d0988df9130df7f8eec76992b48716e5e4
b800250af11854dcc3a4b1e83b01ba94d6d349ad9c049b0c227394f42fcc1f6b
GET /myaccount/images/betano_sprite.png?3be2ce7b-1663061976035 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.gmlinteractive.com/myaccount/css/betano.css?9PuwntUghGEWM_j5RcK7Dg224
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: image/webp
content-length: 174470
cache-control: public, max-age=2678400
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=231095
content-disposition: inline; filename="betano_sprite.webp"
etag: "2c4239ec60bcd81:0"
last-modified: Tue, 30 Aug 2022 11:09:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-content-type-options: nosniff
x-farm: 14
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6687
accept-ranges: bytes
server: cloudflare
cf-ray: 74a1625a1fb61c06-OSL
X-Firefox-Spdy: h2
static.gmlinteractive.com/myaccount/css/no-ie-betano.css?oETZ6QPtr2QKf6hF-5lO9w224
200 OK 100 kB URL HTTP/2 static.gmlinteractive.com/myaccount/css/no-ie-betano.css?oETZ6QPtr2QKf6hF-5lO9w224
IP
File type ASCII text, with very long lines (9723), with no line terminators
Size 100 kB (100186 bytes)
Hash d5372c24701b29512b8b37b6eb249817
9efd64f2cefcc6e0c0bdb9b4b0aeef55ba70b6d1
11cf7bbec296da6cf091bedd082c1c196794883e76051b05c18215e957c5aded
GET /myaccount/css/no-ie-betano.css?oETZ6QPtr2QKf6hF-5lO9w224 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: text/css
last-modified: Tue, 30 Aug 2022 11:38:10 GMT
etag: W/"5ff411fb64bcd81:0"
vary: Accept-Encoding
x-farm: 15
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1213705
set-cookie: __cf_bm=XS7FB8Hqn0GF6.veQ5.1DALarBjkKsP3IzXVjHeimjg-1663077364-0-AeZF5BeHWZ7K0FY7XTUnhmu0R2P7wW2kLTu4N463l/dcqbITq3VeuF9wOurdyDgI3IJRw3ALH+ntYB3vIAXbzww=; path=/; expires=Tue, 13-Sep-22 14:26:04 GMT; domain=.gmlinteractive.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74a162597ed21c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 498116
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 02:02:22 GMT
expires: Sun, 10 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 302022
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 498116
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.gmlinteractive.com/myaccount/images/countryban/mail.svg?ae05a045-1663061976135
200 OK 42 kB URL HTTP/2 static.gmlinteractive.com/myaccount/images/countryban/mail.svg?ae05a045-1663061976135
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (857), with CRLF line terminators
Hash f712418de9115e3badda7950ef488fd2
af3a58a20aa7c471eafb89168b41c989f5d2c4e8
eac98ebaad21b4f152b036302169ed5f25e738d1f7ec6679a299cb186997cb14
GET /myaccount/images/countryban/mail.svg?ae05a045-1663061976135 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.gmlinteractive.com/myaccount/css/betano.css?9PuwntUghGEWM_j5RcK7Dg224
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Oct 2021 15:38:30 GMT
etag: W/"48e554b148cbd71:0"
x-farm: 15
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 6687
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a1625a1fb91c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-MC5DHJN
200 OK 85 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MC5DHJN
IP
File type ASCII text, with very long lines (18104)
Hash 6e30b58055736920e3aeaefacee872d1
db9b0ee7b7f7de4b1558bb1e918dc63eeadc4a2c
0cc5cb3db3fb05819ad9ae841304bde0385d773fdcc1c2e80eff2fa0a4e4196a
GET /gtm.js?id=GTM-MC5DHJN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 13 Sep 2022 13:56:05 GMT
expires: Tue, 13 Sep 2022 13:56:05 GMT
cache-control: private, max-age=900
last-modified: Tue, 13 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85169
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.gmlinteractive.com/sportsbookv3/assets/static/favicons/betano/android-icon-192x192.png
200 OK 7.3 kB URL HTTP/2 static.gmlinteractive.com/sportsbookv3/assets/static/favicons/betano/android-icon-192x192.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3d88300b4def48f4993f2ba68f6f2938
42fe997285ce251312fe97ae358dba64147d826b
23572c95732ab4e2ae127880fd593bb35f94c57abf1681c550d2d534d4e9db9f
GET /sportsbookv3/assets/static/favicons/betano/android-icon-192x192.png HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: image/webp
content-length: 7278
cache-control: public, max-age=2678400
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=8380
content-disposition: inline; filename="android-icon-192x192.webp"
etag: "eec8cffb58b1d81:0"
last-modified: Tue, 16 Aug 2022 10:14:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-content-type-options: nosniff
x-farm: 15
x-xss-protection: 1; mode=block
access-control-allow-methods: GET
access-control-allow-origin: *
cf-cache-status: HIT
age: 1977346
accept-ranges: bytes
server: cloudflare
cf-ray: 74a1625b89bc1c06-OSL
X-Firefox-Spdy: h2
static.gmlinteractive.com/sportsbookv3/assets/static/favicons/betano/favicon-16x16.png
200 OK 794 B URL HTTP/2 static.gmlinteractive.com/sportsbookv3/assets/static/favicons/betano/favicon-16x16.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 23d0014c6781a948d06b15e17b8e4f90
86e3e8d07e0a87c687b79b43f8755fd927faaaef
3159cb161ff0128cfd35a7291a2475c32c612cc2fb25c30bf2c562aa4e297b39
GET /sportsbookv3/assets/static/favicons/betano/favicon-16x16.png HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: image/webp
content-length: 794
cache-control: public, max-age=2678400
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=1070
content-disposition: inline; filename="favicon-16x16.webp"
etag: "eec8cffb58b1d81:0"
last-modified: Tue, 16 Aug 2022 10:14:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-content-type-options: nosniff
x-farm: 14
x-xss-protection: 1; mode=block
access-control-allow-methods: GET
access-control-allow-origin: *
cf-cache-status: HIT
age: 806582
accept-ranges: bytes
server: cloudflare
cf-ray: 74a1625b89bf1c06-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 167378beef2e1b0dafefbdc6210752c2
afbdff67a5647b04de65499da7d2d00cc21eb808
1dfe3c3aa34673799955912c86f82ccf81a1110cd82058241e2e85fb84e5caa7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4279
Cache-Control: max-age=153965
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Etag: "632031ab-1d7"
Expires: Thu, 15 Sep 2022 08:42:10 GMT
Last-Modified: Tue, 13 Sep 2022 07:30:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
static.gmlinteractive.com/myaccount/css/betano.css?9PuwntUghGEWM_j5RcK7Dg224
200 OK 129 kB URL HTTP/2 static.gmlinteractive.com/myaccount/css/betano.css?9PuwntUghGEWM_j5RcK7Dg224
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 129 kB (129040 bytes)
Hash 82aa217d74e2c73e821ef67dede69be0
8a7ccc3df52822e718c9d849f7581fbf6b047fca
1e145b6c10652b9a50516351d0618c133e6545354c20abbdf2d08451b24ea9c2
GET /myaccount/css/betano.css?9PuwntUghGEWM_j5RcK7Dg224 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 09:39:36 GMT
etag: W/"378d85bc54c7d81:0"
vary: Accept-Encoding
x-farm: 15
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 6693
set-cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=; path=/; expires=Tue, 13-Sep-22 14:26:04 GMT; domain=.gmlinteractive.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74a162597ec71c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7faa6a78f896de4528c8cc9ed35bfa11
199ad87495595163d7d16b1eddb9506c8ddb4918
7effc4afbb7417799d0ecbb32fce2a94cba732e488fd4ce81ba5a77f4d7c13ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 056408ac2b9ef4e1962ef2c200052e0c
bdab943160cb86bc1b50cfb20e3dab253c701d31
162c44e93beb69a7964d139520b8cfa2a7fc5864e04ccb4a866e1915361303af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5933
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Last-Modified: Tue, 13 Sep 2022 12:17:12 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.google.com/pagead/conversion_async.js
200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 13 Sep 2022 13:56:05 GMT
expires: Tue, 13 Sep 2022 13:56:05 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Z7qPQd3Putnf+LpTHPOY9SzEYrcqfFps80UJ9PkRJcCVH2bMYQ1YeX43IB6LTVigtQqLXYuFlQynbIbXoEodIQ==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1679558926
date: Tue, 13 Sep 2022 13:56:05 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 167378beef2e1b0dafefbdc6210752c2
afbdff67a5647b04de65499da7d2d00cc21eb808
1dfe3c3aa34673799955912c86f82ccf81a1110cd82058241e2e85fb84e5caa7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4279
Cache-Control: max-age=153965
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Etag: "632031ab-1d7"
Expires: Thu, 15 Sep 2022 08:42:10 GMT
Last-Modified: Tue, 13 Sep 2022 07:30:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11107
Expires: Tue, 13 Sep 2022 17:01:12 GMT
Date: Tue, 13 Sep 2022 13:56:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11107
Expires: Tue, 13 Sep 2022 17:01:12 GMT
Date: Tue, 13 Sep 2022 13:56:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11107
Expires: Tue, 13 Sep 2022 17:01:12 GMT
Date: Tue, 13 Sep 2022 13:56:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9ab2ec10c79b91d15edb1d1e3dc763c
744fee4a0baa22ba3aa352d60620a916972b47dd
f7bb66f5bb572d73f936fc74823f51ede1f2c4e309a939b39d9529ff8f757fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9945
x-amzn-requestid: a347749f-a63a-4533-a274-7151b9f235ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcX8HAKoAMF5EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa765-56cff18515b2a5b3397231df;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lZ3FmD1gM8YBgZNt97kuYSol1kj0GQqRjyLT_7715VtH9GR1WpMDxA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:20 GMT
age: 58425
etag: "744fee4a0baa22ba3aa352d60620a916972b47dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2jR7F56GE_qqbRBWjNDiDBgWbCYv-Ac6kvC1LI0HciQkKGTeNDYlyw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:16:59 GMT
age: 56346
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4acf448-2a96-49a3-8257-7743a38525f5.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4acf448-2a96-49a3-8257-7743a38525f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae7d16fad4da4300a1953a916fb59688
488c58f73c81bb4d45e496c458fe3197a0884c26
4d4946932d53caad6e97bcc66527bd9cad658c0cf6f4215d01943b8a9e832959
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4acf448-2a96-49a3-8257-7743a38525f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7720
x-amzn-requestid: 7670a969-cb9c-4583-8455-10f7512ee9c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YT9YJG__oAMF4YA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e429a-674ef5a4727826ab0d60529e;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 20:18:34 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OOCryyfLht-3ebVn-5aWtQI_JnVkWxMGggv07cUoomDlgb5ogru7vg==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:01:55 GMT
age: 57250
etag: "488c58f73c81bb4d45e496c458fe3197a0884c26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 838f709437b2dfbede4ee15307afe217
2ab2ee20e720b78be6deb55f967ac0d8b7dad048
a3b47ce595b475f2aab6f7378888d15ba3e98453d6c8a3d88946efc5d65eedba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10849
x-amzn-requestid: 722d8d75-0911-4b59-af65-2b408bc09d80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbx6E9-oAMFT8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa672-74ea9343619d4a1865e34818;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4rpwcrZLDlgcwBtH7wpoHMOb8hhFbKbZSQpjWqUqbt_Sl4ud3dm9Vg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:42:18 GMT
age: 58427
etag: "2ab2ee20e720b78be6deb55f967ac0d8b7dad048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f033f00-b116-4419-9d21-3aed9c73ea2e.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f033f00-b116-4419-9d21-3aed9c73ea2e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d97e56f75165efcc71ae54952ded405
28d47359e70789115b2954b6c94711bb783b3c8c
564eac2ae99724e5f43aa1ae0afe4dec03697f888f51774e70e1b9c273c2d9d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f033f00-b116-4419-9d21-3aed9c73ea2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8764
x-amzn-requestid: 48f44e2c-3d91-46cf-8701-3c5028e0a86d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE-gLG4_oAMFn-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184467-46abfc77601bd90f39a2c840;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:12:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tE5GZDktiELwfFRC_IEAqoat6cN7vb_TA17d-zRO6saTLEGRqB94Pw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:01:47 GMT
age: 57258
etag: "28d47359e70789115b2954b6c94711bb783b3c8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 04:49:30 GMT
age: 32795
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10813395736/?random=1663077352646&cv=9&fst=1663077352646&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&auid=1260437933.1663077352&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10813395736/?random=1663077352646&cv=9&fst=1663077352646&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&auid=1260437933.1663077352&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2298), with no line terminators
Hash be26e93f84d4a2e7037ea6341c254828
580f22eaa53dad9deabcb3373ca4f8dc97d88063
f69f95cfbbfdf778cede56ae094d4c782a189452779ba015c12e4ebdcf2c0cd2
GET /pagead/viewthroughconversion/10813395736/?random=1663077352646&cv=9&fst=1663077352646&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&auid=1260437933.1663077352&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 13:56:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1059
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 13-Sep-2022 14:11:05 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.betano.bg/cdn-cgi/challenge-platform/h/g/cv/result/74a162585db2b524
200 OK 48 B URL HTTP/2 www.betano.bg/cdn-cgi/challenge-platform/h/g/cv/result/74a162585db2b524
IP
File type ASCII text, with no line terminators
Hash 9be23c46af8dfedda9259939b91e144f
72ac578531fd8eb2f90fe158f20b17f90508e702
e491f37b2df178a7a1ca10595d2399bfff9be0c6f9d97ce7274ca246644b36e5
POST /cdn-cgi/challenge-platform/h/g/cv/result/74a162585db2b524 HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12409
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://www.betano.bg/myaccount/ban/country-341629?alt=true
Cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; __cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; __cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg; __RequestVerificationToken=6fjlcCBNJAhRw6sr9CIVGNUYPWt0tdXixmTz2L6Yes2JTphGCCJIJTo0D6XCc5NFrr6WfWyyRkUX2vXhbej17PBVewzDi35TWuqZ2x-MZyE1; _tz=0; _tz_intl=UTC; _gcl_au=1.1.1260437933.1663077352
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=4Lk0YrTvROUnpDDjTWYebB2XiToxroAVZzovNfKYldI-1663077365-0-ARxp30aaHCKhcBL8Hh9YyXocs05T9euF4EkAx2OfI0LIHx/Lwscr/VLwRgZWYMq8/oUTZbohpV77felHak5wbaThhwf9G0wf48eocmeQSiU3L65annHMR6f94ag6pB/Gf3owdxcje0DB8bs7hJ3QPen4I9zf8kWZ1PmE7ZC2/CPn; path=/; expires=Tue, 13-Sep-22 14:26:05 GMT; domain=.betano.bg; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74a1625f3827b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10813395736/?random=1663077352646&cv=9&fst=1663074000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&async=1&fmt=3&is_vtc=1&random=4142852905&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10813395736/?random=1663077352646&cv=9&fst=1663074000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&async=1&fmt=3&is_vtc=1&random=4142852905&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10813395736/?random=1663077352646&cv=9&fst=1663074000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&frm=0&url=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&tiba=NOTICE%20TO%20RESIDENTS%20OF%20Norway&async=1&fmt=3&is_vtc=1&random=4142852905&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 13:56:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
track.adform.net/Serving/TrackPoint/?CC=1&pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue
200 OK 197 B URL HTTP/2 track.adform.net/Serving/TrackPoint/?CC=1&pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue
IP
File type ASCII text, with CRLF line terminators
Hash 24a308d50dc8381a11088e0737a3225d
fc01d9e0d032de0526aabae2156c3b7756bbeefd
44d13bf0750e1b0f816a2f3d8584bf19baa14df281c893864b15f00bbbdf0571
GET /Serving/TrackPoint/?CC=1&pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.betano.bg/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: text/javascript; charset=utf-8
content-length: 197
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-190481839-1&cid=936919496.1663077353&jid=1328151062&gjid=449825800&_gid=971015931.1663077353&_u=aGBACEAiBAAAAC~&z=1195481844
200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-190481839-1&cid=936919496.1663077353&jid=1328151062&gjid=449825800&_gid=971015931.1663077353&_u=aGBACEAiBAAAAC~&z=1195481844
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-190481839-1&cid=936919496.1663077353&jid=1328151062&gjid=449825800&_gid=971015931.1663077353&_u=aGBACEAiBAAAAC~&z=1195481844 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.betano.bg
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 13 Sep 2022 13:56:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 13:56:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.analytics.google.com/g/collect?v=2&tid=G-4SHXF86CT0>m=2oe9c0&_p=326238512&_gaz=1&cid=936919496.1663077353&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663077352&sct=1&seg=0&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&dt=NOTICE%20TO%20RESIDENTS%20OF%20Norway&en=page_view&_fv=1&_ss=1
204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-4SHXF86CT0>m=2oe9c0&_p=326238512&_gaz=1&cid=936919496.1663077353&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663077352&sct=1&seg=0&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&dt=NOTICE%20TO%20RESIDENTS%20OF%20Norway&en=page_view&_fv=1&_ss=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-4SHXF86CT0>m=2oe9c0&_p=326238512&_gaz=1&cid=936919496.1663077353&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663077352&sct=1&seg=0&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&dt=NOTICE%20TO%20RESIDENTS%20OF%20Norway&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.betano.bg
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.betano.bg
date: Tue, 13 Sep 2022 13:56:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=1011054466162190&ev=PageView&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&rl=&if=false&ts=1663077353551&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1663077353551.1515301334&it=1663077352672&coo=false&tm=1&rqm=GET
200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=1011054466162190&ev=PageView&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&rl=&if=false&ts=1663077353551&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1663077353551.1515301334&it=1663077352672&coo=false&tm=1&rqm=GET
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=1011054466162190&ev=PageView&dl=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue&rl=&if=false&ts=1663077353551&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1663077353551.1515301334&it=1663077352672&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Tue, 13 Sep 2022 13:56:06 GMT
expires: Tue, 13 Sep 2022 13:56:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o
302 Found 0 B URL HTTP/2 gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o
IP
GET /C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o HTTP/1.1
Host: gml-grp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 13 Sep 2022 13:56:03 GMT
content-type: text/html; charset=utf-8
cache-control: private
location: //gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o&AutoR=1
x-aspnet-version: 4.0.30319
set-cookie: CEK=a; expires=Mon, 12-Dec-2022 13:56:03 GMT; path=/
x-powered-by: ASP.NET
x-cnection: close
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0u9fH0qF7%2BK2EwhsK%2Fq969phWqHSIevbTIB0uE3jd6Yns7p%2BAcDf6XtGmVGM25QJeUtA14ObbhxpIeohwKMRb6OqU1MSz2yXQVhDo%2BVkEgwUOVfhsvKKTCTRhJDow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a16251db0eb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o&AutoR=1
302 Found 0 B URL HTTP/2 gml-grp.com/C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o&AutoR=1
IP
GET /C.ashx?btag=a_11914b_858c_&affid=3908&siteid=11914&adid=858&c=w7p9ooeh3cuk3t0j2iaetg1o&AutoR=1 HTTP/1.1
Host: gml-grp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: CEK=a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: text/html; charset=utf-8
location: https://www.betano.bg/deals/welcome-bonus/?btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o[CustomMergeFields]&siteid=11914
cache-control: private
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
set-cookie: XYZ=3&1&19&&&&0&1&&1d052cf9-ef39-4d97-ac26-6a9410a48bea&&a_11914b_858&; expires=Mon, 12-Dec-2022 13:56:04 GMT; path=/
A_858=a=858&r=0&fv=0&lv=0&vc=0&fc=20220913&lc=20220913015604&cc=1; expires=Mon, 12-Dec-2022 13:56:04 GMT; path=/
PM_23=c=w7p9ooeh3cuk3t0j2iaetg1o&s=11914&ad=858&md=0&pm=23&d=20220913135604&ip=2728320661&r=0&ref=; expires=Mon, 12-Dec-2022 13:56:04 GMT; path=/
CEK=a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
x-powered-by: ASP.NET
x-cnection: close
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPguIoTeXSD6ptIywNMaUQCMBsu0bHUVw8jtLy4yLboqEYJx%2B8GcsOCVGuABewoIXPSC7vCdEbC57wsvbWT6mVMl1pJbf6POHT0cCbXjLZVUY6yaLZCenvCiTxZKNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a162550803b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.betano.bg/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663070400
200 OK 0 B URL HTTP/2 www.betano.bg/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663070400
IP
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663070400 HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; __cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; __cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg; __RequestVerificationToken=6fjlcCBNJAhRw6sr9CIVGNUYPWt0tdXixmTz2L6Yes2JTphGCCJIJTo0D6XCc5NFrr6WfWyyRkUX2vXhbej17PBVewzDi35TWuqZ2x-MZyE1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
server: cloudflare
cf-ray: 74a1625a58cdb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.gmlinteractive.com/myaccount/js/thirdparty/modernizr-custom.js?Vg8uRmBKDs4-zGlCYSCmaw224
200 OK 0 B URL HTTP/2 static.gmlinteractive.com/myaccount/js/thirdparty/modernizr-custom.js?Vg8uRmBKDs4-zGlCYSCmaw224
IP
GET /myaccount/js/thirdparty/modernizr-custom.js?Vg8uRmBKDs4-zGlCYSCmaw224 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript
last-modified: Wed, 27 Oct 2021 15:38:30 GMT
etag: W/"0df18b148cbd71:0"
vary: Accept-Encoding
x-farm: 15
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1214248
server: cloudflare
cf-ray: 74a1625a5ffd1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.gmlinteractive.com/myaccount/js/myaccount.min.js?MDQaW4b5TbkKM3ilSWoaUA224
200 OK 0 B URL HTTP/2 static.gmlinteractive.com/myaccount/js/myaccount.min.js?MDQaW4b5TbkKM3ilSWoaUA224
IP
GET /myaccount/js/myaccount.min.js?MDQaW4b5TbkKM3ilSWoaUA224 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript
last-modified: Fri, 02 Sep 2022 10:41:43 GMT
etag: W/"9bc65b97b8bed81:0"
vary: Accept-Encoding
x-farm: 14
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 942665
server: cloudflare
cf-ray: 74a1625a5ff21c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.gmlinteractive.com/myaccount/js/lib/oddslib.cjs.js?YC2pV8tM5SPaEiIE9UuxQg224
200 OK 0 B URL HTTP/2 static.gmlinteractive.com/myaccount/js/lib/oddslib.cjs.js?YC2pV8tM5SPaEiIE9UuxQg224
IP
GET /myaccount/js/lib/oddslib.cjs.js?YC2pV8tM5SPaEiIE9UuxQg224 HTTP/1.1
Host: static.gmlinteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Cookie: __cf_bm=ZUmCaF5vaVqVHCiLS7JnHe0kS1xcBl7yo52t4aWnlVg-1663077364-0-Adb2s0RrvBvTQxDoNcOBaNEL/N7kfC2UNjNYe2NWAtF59QbplKgcO1FaTU2hyuYeYMjiDzzDLwaqfZ/TELuuMyM=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript
last-modified: Tue, 31 May 2022 08:31:32 GMT
etag: W/"04aced4c874d81:0"
vary: Accept-Encoding
x-farm: 15
cache-control: public, max-age=2678400
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1214248
server: cloudflare
cf-ray: 74a1625a5ff11c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
track.adform.net/Serving/TrackPoint/?pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue
302 Found 0 B URL HTTP/2 track.adform.net/Serving/TrackPoint/?pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue
IP
GET /Serving/TrackPoint/?pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: text/html; charset=utf-8
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=2776363&ADFPageName=bg.betano.com%7CSportsbook&ADFdivider=%7C&ord=947232859245&Set1=en-US%7Cen-US%7C1280x1024%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.betano.bg%2Fmyaccount%2Fban%2Fcountry-341629%3Falt%3Dtrue
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: C=1; domain=adform.net; expires=Thu, 13-Oct-2022 13:56:05 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
www.betano.bg/deals/welcome-bonus/?btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o[CustomMergeFields]&siteid=11914
302 Found 0 B URL HTTP/2 www.betano.bg/deals/welcome-bonus/?btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o[CustomMergeFields]&siteid=11914
IP
GET /deals/welcome-bonus/?btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o[CustomMergeFields]&siteid=11914 HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: text/html; charset=utf-8
location: /deals/welcome-bonus/?siteid=11914
x-farm: ce4
x-cacheable-status: 302
age: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-store
cf-cache-status: DYNAMIC
set-cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; domain=.betano.bg; expires=Thu, 13-Oct-2022 13:56:04 GMT; path=/; secure; HttpOnly; SameSite=None
sticky=stx51.797
__cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; path=/; expires=Tue, 13-Sep-22 14:26:04 GMT; domain=.betano.bg; HttpOnly; Secure; SameSite=None
__cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg; SameSite=None; Secure; path=/; expires=Tue, 13-Sep-22 18:56:04 GMT; HttpOnly
server: cloudflare
cf-ray: 74a162565af0b524-OSL
X-Firefox-Spdy: h2
www.betano.bg/myaccount/ban/country-341629?alt=true
200 OK 0 B URL HTTP/2 www.betano.bg/myaccount/ban/country-341629?alt=true
IP
GET /myaccount/ban/country-341629?alt=true HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; __cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; __cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: text/html; charset=utf-8
content-security-policy: frame-ancestors https://*.betano.bg:*
x-farm: 10
age: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-store
set-cookie: __RequestVerificationToken=6fjlcCBNJAhRw6sr9CIVGNUYPWt0tdXixmTz2L6Yes2JTphGCCJIJTo0D6XCc5NFrr6WfWyyRkUX2vXhbej17PBVewzDi35TWuqZ2x-MZyE1; path=/; secure; HttpOnly
sticky=stx22.884
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74a162585db2b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.betano.bg/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
200 OK 0 B URL HTTP/2 www.betano.bg/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/myaccount/ban/country-341629?alt=true
Cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; __cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; __cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg; __RequestVerificationToken=6fjlcCBNJAhRw6sr9CIVGNUYPWt0tdXixmTz2L6Yes2JTphGCCJIJTo0D6XCc5NFrr6WfWyyRkUX2vXhbej17PBVewzDi35TWuqZ2x-MZyE1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript
last-modified: Fri, 09 Sep 2022 17:33:45 GMT
etag: W/"631b78f9-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a162595f44b524-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 15 Sep 2022 13:56:04 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
www.betano.bg/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
200 OK 0 B URL HTTP/2 www.betano.bg/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.betano.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/myaccount/ban/country-341629?alt=true
Cookie: btag=a_11914b_858c_w7p9ooeh3cuk3t0j2iaetg1o; __cf_bm=urZ21Q_hJk9vUkMv7_OhOAdaavkktmcgTeit01SOVA0-1663077364-0-AWr2rAS51NRRg5pg3likUPilGkWx/pb0vQVPHTd96vvT4z4rNdQ+xEhX84O4tZg2fhr8ntb7/kVzXaAzSiv9S+E=; __cflb=02DiuHykHkYVjZBE6tLZD7JbCtMXFvm27RLCoZxU2cJLg; __RequestVerificationToken=6fjlcCBNJAhRw6sr9CIVGNUYPWt0tdXixmTz2L6Yes2JTphGCCJIJTo0D6XCc5NFrr6WfWyyRkUX2vXhbej17PBVewzDi35TWuqZ2x-MZyE1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:04 GMT
content-type: application/javascript
last-modified: Fri, 09 Sep 2022 17:33:45 GMT
etag: W/"631b78f9-302c"
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a162596f49b524-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 15 Sep 2022 13:56:04 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
a.mgid.com/mgsensor.js?d=1663077352274
200 OK 0 B URL HTTP/2 a.mgid.com/mgsensor.js?d=1663077352274
IP
GET /mgsensor.js?d=1663077352274 HTTP/1.1
Host: a.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betano.bg/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 13:56:05 GMT
content-type: application/javascript
vary: Accept-Encoding
x-mg-request-uuid: 1b02b683-6274-45d4-9db7-ad4ec038ec09
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=eQKGQO.dTukqbxUEgJ6n.AOPWoqYJMgJ56Lf7OeYWAo-1663077365-0-AZlFprqT0XSnDVXmKnkjQVU6EnALbhP83F63kBecZX+KHhl/21Uw1C2aBi0l7rP9T6vJt1fe3SF1UkghYqGPncM=; path=/; expires=Tue, 13-Sep-22 14:26:05 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74a1625d292db4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
18.193.146.82
142.250.74.3
157.240.200.14
104.18.35.191
23.33.119.27
93.184.220.29