telewww.site/uz/env/nl
79.98.28.128301 Moved Permanently 238 B IP 79.98.28.128:0
ASN #212531 UAB Interneto vizija
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 931a194f06cb3e2607c30ff5d9a5bc59
b48b8c34d0a8cfb964ca42444e0bb194b5b64057
b6e43136dba3902eb4f8b31275cca41c2c39c079a5de519d823a75a18452c5b9
Analyzer Verdict Alert fortinet Phishing
GET /uz/env/nl HTTP/1.1
Host: telewww.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 11:59:48 GMT
Server: Apache
Location: http://telewww.site/uz/env/nl/
Content-Length: 238
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Sat, 03 Dec 2022 13:18:03 GMT
Date: Sat, 03 Dec 2022 11:59:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2867
Cache-Control: max-age=170351
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:48 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:18:59 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3368
Expires: Sat, 03 Dec 2022 12:55:56 GMT
Date: Sat, 03 Dec 2022 11:59:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 11:18:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2493
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: V8/iwujQiA8B9uz9WnVvB+Uq//sdec6TkqcA/QkibdOsYYngZ3imkSzMCVzIw4VWO6XdAfh+gWo=
x-amz-request-id: 64J6D2K2VNHAEHE2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 11:46:33 GMT
age: 795
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
telewww.site/uz/env/nl/
79.98.28.128302 Found 0 B IP 79.98.28.128:0
ASN #212531 UAB Interneto vizija
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /uz/env/nl/ HTTP/1.1
Host: telewww.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 03 Dec 2022 11:59:48 GMT
Server: Apache
Location: //whampamp.com/4/5087048?var=ed_error
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 11:59:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
whampamp.com/4/5087048?var=ed_error
139.45.197.236200 OK 613 B URL HTTP/1.1 whampamp.com/4/5087048?var=ed_error
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1c96ee4b976aa2b82417b6490166b7f1
39ff2fbb3c758daea62156bba9d994cfe0f99f7f
bdbce88c987fa2d05a406a84ddd2432d49bd01fd875b24a6296b2e15568df517
Analyzer Verdict Alert quad9 Sinkholed
GET /4/5087048?var=ed_error HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:59:48 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 55393656e8e39769886ff23bfb2a5c68
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://ntrfr.leovegas.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=5fd71c0405c8435d8b8404fbce696c7c; expires=Sun, 03 Dec 2023 11:59:48 GMT; path=/
oaidts=1670068788; expires=Sun, 03 Dec 2023 11:59:48 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9caeefc49be26de4b50c14df1aace81f
ef836496e49f843f0e4c2dc991c314aad13f0f2e
83203278dadec9319a72ccb142c413696d8bd09a25f1b6c8d1edef20405e90f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83203278DADEC9319A72CCB142C413696D8BD09A25F1B6C8D1EDEF20405E90F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15433
Expires: Sat, 03 Dec 2022 16:17:01 GMT
Date: Sat, 03 Dec 2022 11:59:48 GMT
Connection: keep-alive
whampamp.com/favicon.ico
139.45.197.236204 No Content 0 B IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=5fd71c0405c8435d8b8404fbce696c7c; oaidts=1670068788
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 11:59:48 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
my.rtmark.net/img.gif?f=merge&userId=5fd71c0405c8435d8b8404fbce696c7c
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=5fd71c0405c8435d8b8404fbce696c7c
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=5fd71c0405c8435d8b8404fbce696c7c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 11:59:49 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5fd71c0405c8435d8b8404fbce696c7c; expires=Sun, 03 Dec 2023 11:59:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 11:11:17 GMT
cache-control: public,max-age=3600
age: 2912
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ntrfr.leovegas.com/redirect.aspx?pid=3748557&bid=13362&rdk=rk1
95.101.10.168307 Temporary Redirect 0 B URL HTTP/2 ntrfr.leovegas.com/redirect.aspx?pid=3748557&bid=13362&rdk=rk1
IP 95.101.10.168:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=3748557&bid=13362&rdk=rk1 HTTP/1.1
Host: ntrfr.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://promo.leovegas.com/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 03 Dec 2022 11:59:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Dec 2022 11:59:49 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; SameSite=None;; domain=.leovegas.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d; domain=.leovegas.com; expires=Mon, 03-Dec-3021 11:59:49 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=25, origin; dur=68
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2789
Cache-Control: max-age=165211
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:53:20 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53cbeff28d043527b97a5eec043a3beb
36aa3351061b3d57017d6f36648ec194ccc4cd24
c42d90b9569f48a42aa824f814c5c3d0b279339497a8e20e12bebb6535d84d55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C42D90B9569F48A42AA824F814C5C3D0B279339497A8E20E12BEBB6535D84D55"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8602
Expires: Sat, 03 Dec 2022 14:23:11 GMT
Date: Sat, 03 Dec 2022 11:59:49 GMT
Connection: keep-alive
promo.leovegas.com/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
34.141.48.9301 Moved Permanently 32 B URL HTTP/2 promo.leovegas.com/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with no line terminators
Hash 39dacc1839fbc93e31c1d2d53217a24c
bab0715449a8c2d79b67b5fa7f7d464f774fb77d
391c5184370e9aa51e55f54f79e9cb518cabbdf1d0806db6a832f38b9364b28b
GET /mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362 HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
age: 0
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/plain; charset=utf-8
date: Sat, 03 Dec 2022 11:59:49 GMT
location: /no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPR63FRQVPCKZ6V3E96C1
x-xss-protection: 1; mode=block
content-length: 32
X-Firefox-Spdy: h2
promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
34.141.48.9200 OK 18 kB URL HTTP/2 promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6578)
Hash b313dc6923a26b4d66945bb4a2ec9d5c
9402f6e417b5b6092aa92047de5bae6ad4f37b5f
39f7a762641f551056d58eaf394547a7eb07d2b0354a8df75eb2ed93cdcb4775
GET /no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362 HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
age: 4870
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: text/html; charset=UTF-8
date: Sat, 03 Dec 2022 10:38:39 GMT
etag: "2e91493659af11a0bc35addd9f0a40b0-ssl-df"
link: </webpack-runtime.js>; rel=preload; as=script, </framework.js>; rel=preload; as=script, </dc6a8720040df98778fe970bf6c000a41750d3ae.js>; rel=preload; as=script, </app.js>; rel=preload; as=script, </47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js>; rel=preload; as=script, </7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js>; rel=preload; as=script, </ff324cc4fcad5c37469103212758a68962a91703.js>; rel=preload; as=script, </8e399fed3a6b1522e3959e34b00067a9519e807d.js>; rel=preload; as=script, </05901c0cdc340371e5e64de460e805993147c75a.js>; rel=preload; as=script, </component---src-templates-leo-universe-index-jsx.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/no/mc-livecasino/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRBK59275VFMF1WRGVGK
x-xss-protection: 1; mode=block
content-length: 17492
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.238.202.79101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ivr9imotUEzurObTH4MDHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5ypDIjasR1gKSCUl4spRjvBHiLk=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promo.leovegas.com/framework.js
34.141.48.9200 OK 42 kB URL HTTP/2 promo.leovegas.com/framework.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65469)
Hash 5f77f759194550bbd5a18054f44d3b48
b996d9b3131ded0d120f5fa00f3c336d35250d02
8fb0442d64405399d4d2479b62fb4b00731de7df02d043e321185185b41f24ac
GET /framework.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "3d0125bed4c14464add7699ae1f02689-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREG0XTJV2DPV1DG9G94
x-xss-protection: 1; mode=block
content-length: 42112
X-Firefox-Spdy: h2
promo.leovegas.com/dc6a8720040df98778fe970bf6c000a41750d3ae.js
34.141.48.9200 OK 4.2 kB URL HTTP/2 promo.leovegas.com/dc6a8720040df98778fe970bf6c000a41750d3ae.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (11901)
Hash bdd2aabfa66e96632039b2b607303c00
10a2e1d4f025f11bec61554fbd05cae1a44e6815
2a6d67c657a631152b3370590574a1fc84e28c01a1585104d85a2ac37860e876
GET /dc6a8720040df98778fe970bf6c000a41750d3ae.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "1b9626d69e8f7d91c2c5296e42b57d9c-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREHS7BNJPR64ZFTQV4M
x-xss-protection: 1; mode=block
content-length: 4159
X-Firefox-Spdy: h2
promo.leovegas.com/app.js
34.141.48.9200 OK 16 kB URL HTTP/2 promo.leovegas.com/app.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (51500)
Hash c946be763cc4e7820722271e15a2383d
feecaa8bbe3a295a6dc35e1e6f6e75642e3e1d02
4f03fa9fbee4015b19010d5880b4535769a2522a2e3dfbc7073b5d218ea550a7
GET /app.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "e391155f546c905dc145726a5e30148f-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREJD4STM39Y5GPSSTXZ
x-xss-protection: 1; mode=block
content-length: 15536
X-Firefox-Spdy: h2
promo.leovegas.com/47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js
34.141.48.9200 OK 6.2 kB URL HTTP/2 promo.leovegas.com/47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (16666)
Hash 5c4e7e14f8659373e45400cf68c97a41
a2df475919893462415902ab0da086acc4f77033
58b06d80fbd4927e361ce301821f790c35782282eb6943dc9ce6b786ec63b352
GET /47c41b0c4f3753646af9b0e10dfd7be6f02b99db.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "fe0210bddc69a9d370f7252ffb6e2d9c-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREKNMG7FV9CRVFYW0KC
x-xss-protection: 1; mode=block
content-length: 6218
X-Firefox-Spdy: h2
promo.leovegas.com/7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js
34.141.48.9200 OK 2.9 kB URL HTTP/2 promo.leovegas.com/7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (6980)
Hash 4befa7048021cd47bd7c590f8219a114
77130fee3b5db4ff69ac115ba6392d9fbb8158a6
ddb556400e35de0261e5bf2d35dbf9d494d203f570c05d88d61f580f9c7ccfa0
GET /7bdf0be5c8efe81cdad9ba3761024df107bef3b0.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "387b4e0f783ea29b7d13b832a918079b-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREKYEG0GPK5YYFPJ35Z
x-xss-protection: 1; mode=block
content-length: 2937
X-Firefox-Spdy: h2
promo.leovegas.com/8e399fed3a6b1522e3959e34b00067a9519e807d.js
34.141.48.9200 OK 33 kB URL HTTP/2 promo.leovegas.com/8e399fed3a6b1522e3959e34b00067a9519e807d.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65536), with no line terminators
Hash 464e51d8049dceec3f4ba74d397009d9
843aba9ccf65310a3656f849667c09c73cf7e2eb
3fb00de7e29f0471f9c3debd72685ae639ba102e6fdef3e40edcd763977bd034
GET /8e399fed3a6b1522e3959e34b00067a9519e807d.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "082cb5ea1fb285ec162d5641a9b4e1f4-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRENECW436CCGGH6YAQB
x-xss-protection: 1; mode=block
content-length: 33010
X-Firefox-Spdy: h2
promo.leovegas.com/component---src-templates-leo-universe-index-jsx.js
34.141.48.9200 OK 2.4 kB URL HTTP/2 promo.leovegas.com/component---src-templates-leo-universe-index-jsx.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (5773)
Hash c57f16f798f8bc3c281b33d6b29ab370
3608bcc2dfdd1261e8c6cd9bf43067a46c2fd8cf
337ee0d4a4c804aa58d7681b79a7e25f01d1b2d29de515ba3c6295632cdee006
GET /component---src-templates-leo-universe-index-jsx.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "5051e86b9efea68a06b141f1b1eabc7e-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREP8SMBZ5PZAP55SECK
x-xss-protection: 1; mode=block
content-length: 2414
X-Firefox-Spdy: h2
promo.leovegas.com/webpack-runtime.js
34.141.48.9200 OK 1.5 kB URL HTTP/2 promo.leovegas.com/webpack-runtime.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (2978)
Hash 46bdc23c4790cbbed3d827635a14b9ee
333d0366b5521022f0b2b713934f63c7561fd304
cdc829772958aa6c44fe420e9cc3a7b44503b5b48e7a7d957f426ffc58adf078
GET /webpack-runtime.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "c74486ef72d21cbc9a65e338b975bd28-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREG4FN1BFDNG15XK6YD
x-xss-protection: 1; mode=block
content-length: 1511
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/app-data.json
34.141.48.9200 OK 50 B URL HTTP/2 promo.leovegas.com/page-data/app-data.json
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text
Hash 26bbc30fb95a59f85a4c4ea44452a800
26ce9c4a4cccd5400d9d6661a8129ba9d90bba28
f813c77f52799503d269af274d016ca0ccb1704c7d08fd408f5f0c31d1cb992c
GET /page-data/app-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "baa83e032b63fc2db07d7ae42e54e800-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRFJFS10H3KSTJ0REF6S
x-xss-protection: 1; mode=block
content-length: 50
X-Firefox-Spdy: h2
promo.leovegas.com/05901c0cdc340371e5e64de460e805993147c75a.js
34.141.48.9200 OK 46 kB URL HTTP/2 promo.leovegas.com/05901c0cdc340371e5e64de460e805993147c75a.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65438)
Hash 44deeb76a98ab386414deb34d45028c0
24954a1197a9ad874069f66729f0478b7e708b6c
9c5bb1b1fa4bfa6b160707e53e54c5634b45effc8d9a2ec4b4e143fc8aa6101e
GET /05901c0cdc340371e5e64de460e805993147c75a.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "a1dd66e95c1fdb604484288f009163ac-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRENQXW67YH5CG3H1111
x-xss-protection: 1; mode=block
content-length: 46547
X-Firefox-Spdy: h2
promo.leovegas.com/ff324cc4fcad5c37469103212758a68962a91703.js
34.141.48.9200 OK 100 kB URL HTTP/2 promo.leovegas.com/ff324cc4fcad5c37469103212758a68962a91703.js
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Unicode text, UTF-8 text, with very long lines (65236)
Size 100 kB (100094 bytes)
Hash ad88f25650fae49a89fdea1db069a4b8
945d798c5c411c31717244ac1e79877005511e86
859f0841a883e48ffed94f52e3fa2b98a32f62105033550705d2ccd9a7e12056
GET /ff324cc4fcad5c37469103212758a68962a91703.js HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 43894
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/javascript; charset=UTF-8
date: Fri, 02 Dec 2022 23:48:15 GMT
etag: "b2df2a4ac43635c5d0f6fffa00de03fe-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPREN0V86AGAXSRAR3TTB
x-xss-protection: 1; mode=block
content-length: 100094
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promo.leovegas.com/page-data/sq/d/2280590532.json
34.141.48.9200 OK 2.0 kB URL HTTP/2 promo.leovegas.com/page-data/sq/d/2280590532.json
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text, with very long lines (13542), with no line terminators
Hash ec88262134b19a9bb16f8af3754bdd1c
a19b047fb4bb76664d9feb17807af9815924fdba
654dece32d8cc23ec5163af5cc9e2f779f58a322143171af27095fa0ef7b458b
GET /page-data/sq/d/2280590532.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "c90f1d18d9026cdd03b789e0b4acea02-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRFJAB6YD8MKGRDT4V2P
x-xss-protection: 1; mode=block
content-length: 1973
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
34.141.48.9200 OK 8.9 kB URL HTTP/2 promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (24270), with no line terminators
Hash fecefa4e0491c66c875f0fdf2ab6ad7d
45b57f46d4a03f601feb7f66faf3b516ac13b79b
2be881ad097ca87ff130a751b4ccd4db4b275e1c3a889375dd9838681ef5fa3d
GET /page-data/no/mc-livecasino/page-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 4869
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Sat, 03 Dec 2022 10:38:40 GMT
etag: "1d0a2750ffb3a1a6662744ba5c52d8c0-ssl-df"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRFJ0QN7HYMRXQQ2XNGY
x-xss-protection: 1; mode=block
content-length: 8899
X-Firefox-Spdy: h2
promo.leovegas.com/page-data/app-data.json
34.141.48.9200 OK 50 B URL HTTP/2 promo.leovegas.com/page-data/app-data.json
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type JSON data\012- , ASCII text
Hash 26bbc30fb95a59f85a4c4ea44452a800
26ce9c4a4cccd5400d9d6661a8129ba9d90bba28
f813c77f52799503d269af274d016ca0ccb1704c7d08fd408f5f0c31d1cb992c
GET /page-data/app-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45104
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: application/json
date: Fri, 02 Dec 2022 23:28:05 GMT
etag: "baa83e032b63fc2db07d7ae42e54e800-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRJA1V7H045A384K81GE
x-xss-protection: 1; mode=block
content-length: 50
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a610bbdb2582c10519d8735987207713
410ff24a149dc89198f48f7ae8cbd7d215b72de7
081eba71bf580e9fb0fd84b05e11b343112c0792fc88714f07a4aab5d6911a2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 475
Cache-Control: max-age=161799
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Etag: "638b0d61-1d7"
Expires: Mon, 05 Dec 2022 08:56:28 GMT
Last-Modified: Sat, 03 Dec 2022 08:48:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap
142.250.74.106200 OK 34 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap
IP 142.250.74.106:0
Hash 2ca8a292edc217943474a9c1dbe62295
b019d7965c100c29fda782ac91b8abde88642a72
420730ceff6a80b93533fc0b530e4048c2a8e3255375014684fe73c8c0037d15
GET /css2?family=Roboto+Slab:wght@400;700&family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 11:59:49 GMT
date: Sat, 03 Dec 2022 11:59:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
34.141.48.9304 Not Modified 0 B URL HTTP/2 promo.leovegas.com/page-data/no/mc-livecasino/page-data.json
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /page-data/no/mc-livecasino/page-data.json HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: "1d0a2750ffb3a1a6662744ba5c52d8c0-ssl-df"
TE: trailers
HTTP/2 304 Not Modified
cache-control: public, max-age=0, must-revalidate
date: Sat, 03 Dec 2022 11:59:49 GMT
etag: "1d0a2750ffb3a1a6662744ba5c52d8c0-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01GKBXPRMB0QR01871XXT5GMW7
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://promo.leovegas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 231955
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://promo.leovegas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 231934
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a610bbdb2582c10519d8735987207713
410ff24a149dc89198f48f7ae8cbd7d215b72de7
081eba71bf580e9fb0fd84b05e11b343112c0792fc88714f07a4aab5d6911a2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 475
Cache-Control: max-age=161799
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:49 GMT
Etag: "638b0d61-1d7"
Expires: Mon, 05 Dec 2022 08:56:28 GMT
Last-Modified: Sat, 03 Dec 2022 08:48:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
d33wubrfki0l68.cloudfront.net/c818ec80d6e62941b42b67882bad573e7368d801/c4d7c/static/leovegas-casino-logo-303a40e8ff4725493d0d2eac998219ea.png
143.204.42.148200 OK 24 kB URL HTTP/2 d33wubrfki0l68.cloudfront.net/c818ec80d6e62941b42b67882bad573e7368d801/c4d7c/static/leovegas-casino-logo-303a40e8ff4725493d0d2eac998219ea.png
IP 143.204.42.148:0
File type PNG image data, 385 x 93, 8-bit/color RGBA, non-interlaced\012- data
Hash 303a40e8ff4725493d0d2eac998219ea
c818ec80d6e62941b42b67882bad573e7368d801
0163e1e689f26f9d4162e1d731525521a975eb299449ecc789e7c6d335f78e85
GET /c818ec80d6e62941b42b67882bad573e7368d801/c4d7c/static/leovegas-casino-logo-303a40e8ff4725493d0d2eac998219ea.png HTTP/1.1
Host: d33wubrfki0l68.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 24411
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31556926
date: Tue, 09 Aug 2022 12:22:43 GMT
etag: 47262b62fb231e87722d31776845e7499242a80d
server: Netlify
x-nf-request-id: 01GA18XAERW43J32K8E2PBQ65P
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xQ7rcIWfu5axAS2C0lcTEYi3f8YxRsZ0NsEPRbwGN8mfx3bevYUf6A==
age: 10021028
X-Firefox-Spdy: h2
promo.leovegas.com/favicons/apple-touch-icon-180x180.png
34.141.48.9200 OK 39 kB URL HTTP/2 promo.leovegas.com/favicons/apple-touch-icon-180x180.png
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 1d677d2696a6decac62f6ae6702110e6
330819e2d40298fe76abf3b0a5b94365e48f043e
80ffeb0c1602f33c10915cee07509fd9bc89368bb7d423cd586c684aed55ce0a
GET /favicons/apple-touch-icon-180x180.png HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 46590
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: image/png
date: Fri, 02 Dec 2022 23:03:21 GMT
etag: "bd6a26674a3b22b624e57beaa0e264ce-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRQKTPYTVXBGB872QS6P
x-xss-protection: 1; mode=block
content-length: 39348
X-Firefox-Spdy: h2
promo.leovegas.com/favicons/favicon-16x16.png
34.141.48.9200 OK 950 B URL HTTP/2 promo.leovegas.com/favicons/favicon-16x16.png
IP 34.141.48.9:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash a4d8c288ccfff5eed3db7050117eb6a5
4873ff662ffd8fed661fac12bf2edb25188a2d4e
710d82b385bbc48af160251f0b4444b7065d8bc6df0afaaa13fbf2e04356fe0d
GET /favicons/favicon-16x16.png HTTP/1.1
Host: promo.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://promo.leovegas.com/no/mc-livecasino?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
age: 45103
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self' https://optimize.google.com
content-type: image/png
date: Fri, 02 Dec 2022 23:28:07 GMT
etag: "c1bceb1f74a704a9483fd657a223776e-ssl"
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 01GKBXPRQSBZWQRR9EQ0YTKR1J
x-xss-protection: 1; mode=block
content-length: 950
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/gtm/optimize.js?id=OPT-K5XRHTM
142.250.74.110200 OK 47 kB URL HTTP/2 www.google-analytics.com/gtm/optimize.js?id=OPT-K5XRHTM
IP 142.250.74.110:0
File type ASCII text, with very long lines (2698)
Hash 29e85d7d76b70dbfdfb3cfc3eadf1b9e
0822e105b6347f5e4518050497cd46d5aa8ad7f8
58ff89e5d5d9c4ab15bd18312b4c9e41506b03307bdbc792ac391e0e6d740ca6
GET /gtm/optimize.js?id=OPT-K5XRHTM HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Dec 2022 11:59:50 GMT
expires: Sat, 03 Dec 2022 11:59:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46839
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-380080.js?sv=7
54.230.111.113200 OK 6.5 kB URL HTTP/2 static.hotjar.com/c/hotjar-380080.js?sv=7
IP 54.230.111.113:0
File type Unicode text, UTF-8 text, with very long lines (19775)
Hash ce87607b3f870f2042b52d3c00e91b1f
d3a5ebfe1106a117884c3f21d55ae71071d1691d
dcd3035b0e1e80c107f1f1c8c7b52bd7c617adb587c1a67a6cafc3ac54640040
GET /c/hotjar-380080.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 11:59:13 GMT
cache-control: max-age=60
etag: W/405598772e716f6fcf0cf0675adb490e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yRndX62RZxeFnzat0GKtOunjchqkiw0WtsYQjtIa4JS_LUyr_nz08w==
age: 37
X-Firefox-Spdy: h2
d33wubrfki0l68.cloudfront.net/bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js
143.204.42.148200 OK 402 kB URL HTTP/2 d33wubrfki0l68.cloudfront.net/bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js
IP 143.204.42.148:0
Size 402 kB (402386 bytes)
Hash c601cbb43154e276827f9b46101a57d5
82ed69a16062bd0f92e29d7441d08316ae7580ef
f97abf8b8e9778915314efd52c0bdfcd9e84ec501ac5b7229667573467b00607
GET /bundles/3a60bb6a829d13f7c019df18e77514f50ca92ed6.js HTTP/1.1
Host: d33wubrfki0l68.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31556926
content-encoding: gzip
date: Fri, 02 Dec 2022 10:49:37 GMT
etag: 66f93c87163e873e252c560c1a9704ceaf34ec82-df
server: Netlify
x-nf-request-id: 01GK979FR7N73YRV2MWGMJCPAZ
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KDx3VPttkEyGKYXsXcQD1R9NSP4i9OMiHmvGl-A5fl8ly9W4qvWsFQ==
age: 90613
X-Firefox-Spdy: h2
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
143.204.55.101200 OK 1.1 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP 143.204.55.101:0
Hash 829a253e4f6f8acbce562ed115651f10
2883ee68b0b888f0ccd3e216374f969cd736d983
987fd4c704413483a00c189e2b237603cfb3e53642f589a2eddb91ca9f2f74df
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LcKnUxx9Ei_WgqygS4D5skqdBK5oEcaxJpL4lt2bJYU7uOzPx4wsGw==
age: 859784
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90d06e8f365504be0b95e3f0609db269
ad8189bff6ab0adb6aff6333f77b9062f0bff6ad
a45cd2d1b38c57550a3b4ad2e37f455f7e11d24558937929582d3ee8f2d23f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A45CD2D1B38C57550A3B4AD2E37F455F7E11D24558937929582D3EE8F2D23F2A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3602
Expires: Sat, 03 Dec 2022 12:59:52 GMT
Date: Sat, 03 Dec 2022 11:59:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 98c7cbe55ef2c03504de9a1c11c48448
5490eee01dd5cd3cdb1605e6fcf58bdb811a6197
dd553c506497567a0992dac8bd754285147008a0db2fae3a0fd94c3718ca06f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2226
Cache-Control: max-age=136605
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Etag: "638aa421-1d7"
Expires: Mon, 05 Dec 2022 01:56:35 GMT
Last-Modified: Sat, 03 Dec 2022 01:19:29 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90d06e8f365504be0b95e3f0609db269
ad8189bff6ab0adb6aff6333f77b9062f0bff6ad
a45cd2d1b38c57550a3b4ad2e37f455f7e11d24558937929582d3ee8f2d23f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A45CD2D1B38C57550A3B4AD2E37F455F7E11D24558937929582D3EE8F2D23F2A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3602
Expires: Sat, 03 Dec 2022 12:59:52 GMT
Date: Sat, 03 Dec 2022 11:59:50 GMT
Connection: keep-alive
images.ctfassets.net/kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp
54.230.111.2200 OK 94 kB URL HTTP/2 images.ctfassets.net/kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp
IP 54.230.111.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7ae24e8aa6154835684d65e7a288af63
470b516dc32dd2cf03260e98a56ee035479bfd80
5daea65e65c03202b0aa2ca21fadab1ea769abe71de3b0ae294f9fc803b04122
GET /kijvoxi4q0zn/2iAjKx7BVB0peDlsYR6ZWZ/25d3852a638962f07b3a309c578fb221/LV_LP_desktop_LiveCasino_LPupdate_NO_Affiliates_D90196_RF_102022.jpg?w=1920&h=1080&q=50&fm=webp HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
content-length: 93882
last-modified: Fri, 11 Nov 2022 12:43:16 GMT
server: Contentful Images API
access-control-allow-origin: *
date: Fri, 02 Dec 2022 12:23:24 GMT
cache-control: max-age=31536000
etag: "7ae24e8aa6154835684d65e7a288af63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pl6a4BDLvot07TCl0e9uZCrXCIVTNay7JkY9zfaoZUKlgZ20pimrjg==
age: 84986
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 08ca0238100c906a665f21b1caa97f47
3f605891faeafb51a36cecd25d331bcc450d34e9
35dac74d71c723f7a8e7585174fad51a0115e4a294a2c0d80b63026e25825618
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_gid=994871597.1670068789&gjid=1682096566&_v=j98&z=1116737072
108.177.14.156302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_gid=994871597.1670068789&gjid=1682096566&_v=j98&z=1116737072
IP 108.177.14.156:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 601efcda020d411e2b03e9599ab9e2d1
6ccd00507ec45ff719c66bb82dba032e4e1696c4
cbd1534ce1d73125eb5a6d3de1cd19bb4b01b18b0ea8cf7cadf98b3ff9e8bf8b
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_gid=994871597.1670068789&gjid=1682096566&_v=j98&z=1116737072 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072
access-control-allow-origin: null
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Dec 2022 11:59:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9785
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 11:59:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1377c2956f6d4d989e6fafbe01600b49
7a550dd67e42a8f1ba1468646af02691d0580345
4e0206cd8e1112cdefa7f974876461a968bbcbbf016b1b1c2e3af77346507886
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9785
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 11:59:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9785
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 11:59:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 08ca0238100c906a665f21b1caa97f47
3f605891faeafb51a36cecd25d331bcc450d34e9
35dac74d71c723f7a8e7585174fad51a0115e4a294a2c0d80b63026e25825618
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 51716
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072
142.250.74.164302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 11:59:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072&slf_rd=1&random=870537709
access-control-allow-origin: null
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbee75c6c314655f738b57b828bef016
bb36d39c7adf764e8a7dcf7f91125001623975b4
fd40949b9711db01be746d1723f78c2bb04d356063c6249b8b5ae1470532367a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10877
x-amzn-requestid: bebc4f7f-7349-4973-99f5-d6c3b8a27072
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1G2uIAMFryg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-0637a1a946db78074bc19dc3;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wtaahzdJXnHSYwqIlHyqFy-LsdPl1Nh-CThm-x57bU3dUEgrfB1Gvw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 51723
etag: "bb36d39c7adf764e8a7dcf7f91125001623975b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:53:40 GMT
age: 21970
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 21540
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 48046
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 51723
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1f3a4f3edea56419c58836a0c80d5cea
1558a7ad0acc0c09cdf39ec92030f7ee5736e595
70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d177680f261fa0b5bf3d5ae3ed69af85
96cdc11262db0a9531fe0cd00e908f3e824c89b3
08eac8282cf4566d382816edac93db8581b65dc2898fc7ea80d7424224ed29ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072&slf_rd=1&random=870537709
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072&slf_rd=1&random=870537709
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25600410-30&cid=555444842.1670068788&jid=1524063229&_v=j98&z=1116737072&slf_rd=1&random=870537709 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 11:59:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
access-control-allow-origin: null
access-control-allow-credentials: true
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d177680f261fa0b5bf3d5ae3ed69af85
96cdc11262db0a9531fe0cd00e908f3e824c89b3
08eac8282cf4566d382816edac93db8581b65dc2898fc7ea80d7424224ed29ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:59:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
leo-promo-redirect-service.leo-prod-common.lvg-tech.net/_geofetch
34.117.190.191200 OK 0 B URL HTTP/2 leo-promo-redirect-service.leo-prod-common.lvg-tech.net/_geofetch
IP 34.117.190.191:0
GET /_geofetch HTTP/1.1
Host: leo-promo-redirect-service.leo-prod-common.lvg-tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promo.leovegas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, GET
access-control-max-age: 3600
content-type: application/json
date: Sat, 03 Dec 2022 11:59:50 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.leovegas.com/set-affiliate-domain-cookie?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362&lobby=livecasino
107.154.248.168200 OK 0 B URL HTTP/2 www.leovegas.com/set-affiliate-domain-cookie?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362&lobby=livecasino
IP 107.154.248.168:0
GET /set-affiliate-domain-cookie?btag=100665320_E0BD360071A343D48D4AC907385D5F4A&rdk=rk1&pid=3748557&bid=13362&lobby=livecasino HTTP/1.1
Host: www.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d; _ga_R99CHBN90V=GS1.1.1670068788.1.0.1670068788.0.0.0; _ga=GA1.1.555444842.1670068788; FPLC=1filMYKqky%2FatPHBSC7jyw0OuZI9KOv4mAuQ%2Fz43Ds2TGIBq%2Ft6NzzcBAk%2FM%2FN04eJNaONwdMIpW32GXI7AsQ%2BSZZm4Bkb7OUZ%2FLpjDpEYPp79WRQFJt8YQRIG%2FmVg%3D%3D; FPID=FPID2.2.SsVXYuSW9PLeM9FK%2FPJqMVr8tDnwCX4k4bNP2ts3TyM%3D.1670068788
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 11:59:50 GMT
content-type: application/json; charset=utf-8
content-encoding: gzip
set-cookie: leobtag=100665320_E0BD360071A343D48D4AC907385D5F4A; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrpid=3748557; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrbid=13362; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
leonrmeta=[{"value":"rk1","key":"rdk"},{"value":"livecasino","key":"lobby"}]; Max-Age=3888000; Domain=.leovegas.com; Path=/; HttpOnly; Secure
visid_incap_846569=EVB3vy9ISZaQ/9LwS4VnmDY6i2MAAAAAQUIPAAAAAAAKEw5PAQAVKJDmDg9LAAq1; expires=Sat, 02 Dec 2023 22:16:34 GMT; HttpOnly; path=/; Domain=.leovegas.com; Secure; SameSite=None
nlbi_846569=WtknOPJ6gzkL7DmKTJV9qQAAAABt1E2LaVH7O3ejX5tXYmk3; path=/; Domain=.leovegas.com; Secure; SameSite=None
incap_ses_722_846569=PO+tcWF2USZaBmLrFxAFCjY6i2MAAAAAOSrTxzGbbYIlsJURCc2xVg==; path=/; Domain=.leovegas.com; Secure; SameSite=None
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cdn: Imperva
x-iinfo: 11-55095640-55095454 PNNy RT(1670068790442 41) q(0 0 0 0) r(1 1) U12
X-Firefox-Spdy: h2
sgtm.leovegas.com/gtm.js?id=GTM-WGS5KD
34.107.236.224200 OK 0 B URL HTTP/2 sgtm.leovegas.com/gtm.js?id=GTM-WGS5KD
IP 34.107.236.224:0
GET /gtm.js?id=GTM-WGS5KD HTTP/1.1
Host: sgtm.leovegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3748557%2c%22BID%22%3a13362%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670068789232)%5c%2f%22%2c%22CookieTag%22%3a%22133623748557451240919C20221231159%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222736448881%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx/1.23.2
date: Sat, 03 Dec 2022 11:59:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: private, max-age=900
expires: Sat, 03 Dec 2022 12:14:25 GMT
last-modified: Sat, 03 Dec 2022 09:00:00 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2