firefox.settings.services.mozilla.com/v1/
54.230.111.7200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: K6iHS4ZkNKn30QhYl5AcJBbds3fK5zW72K4dCxl1ZMPTtaPIAthGDA==
Age: 178434
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9924
Expires: Fri, 07 Oct 2022 20:06:36 GMT
Date: Fri, 07 Oct 2022 17:21:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15856
Expires: Fri, 07 Oct 2022 21:45:28 GMT
Date: Fri, 07 Oct 2022 17:21:12 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dDG7ruAUnOaIfUhHfHEGSVDI0/aTsZ2x2Y1MO6eyBRuQ357lpb7B5wyLnQfH9HHLyY2fCWTG0h0=
x-amz-request-id: YXSFW9CSVHK7EWFB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 16:59:15 GMT
age: 1317
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9d3f41a61661d2234a7ef5aba867bfe4
a37b1eb419019a4fa8e8d78217befec829de4820
b4351764bec263cb45d2a82baa7f20b40585f244ee371ac95221f775deffc5b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4351764BEC263CB45D2A82BAA7F20B40585F244EE371AC95221F775DEFFC5B7"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21527
Expires: Fri, 07 Oct 2022 23:19:59 GMT
Date: Fri, 07 Oct 2022 17:21:12 GMT
Connection: keep-alive
photo.1msvq.com/c1n9Qf3n
64.227.15.24200 OK 248 B IP 64.227.15.24:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text
Hash 99269b4ad51d8d83667d3e031a84d772
ec959579e884a63d27495cb9a8aaad6592a5d4f8
bd288dc90fe4442f13f59e32b64ff5fc48583cd85e591946f2c9927696499bc6
Analyzer Verdict Alert fortinet Malware
GET /c1n9Qf3n HTTP/1.1
Host: photo.1msvq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 17:21:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 248
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=376l60jb711;Expires=Monday, 07-Nov-2022 17:21:12 GMT;Max-Age=2678400;Path=/
dbeae=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIyOTk4XCI6MTY2NTE2MzI3Mn0sXCJjYW1wYWlnbnNcIjp7XCIxMTQ5OVwiOjE2NjUxNjMyNzJ9LFwidGltZVwiOjE2NjUxNjMyNzJ9In0.-ksOq8PSdvkGLgt-li1_qhFSwLgG7uTLkAjzjOiAfA0;Expires=Monday, 15-Jul-2075 10:42:24 GMT;Max-Age=1665249672;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 16:42:40 GMT
Cache-Control: max-age=3600
Expires: Fri, 07 Oct 2022 17:20:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: E40ZbhVtEelbesM2ptaW46qzZdif5ViB4hSVAznCB0POuv6ZbrzjRg==
Age: 3091
photo.1msvq.com/favicon.ico
64.227.15.24404 Not Found 146 B URL HTTP/1.1 photo.1msvq.com/favicon.ico
IP 64.227.15.24:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: photo.1msvq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://photo.1msvq.com/c1n9Qf3n
Cookie: _subid=376l60jb711; dbeae=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIyOTk4XCI6MTY2NTE2MzI3Mn0sXCJjYW1wYWlnbnNcIjp7XCIxMTQ5OVwiOjE2NjUxNjMyNzJ9LFwidGltZVwiOjE2NjUxNjMyNzJ9In0.-ksOq8PSdvkGLgt-li1_qhFSwLgG7uTLkAjzjOiAfA0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 07 Oct 2022 17:21:12 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3882
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:12 GMT
Last-Modified: Fri, 07 Oct 2022 16:16:30 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.27.12.161101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.27.12.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SOkwVQpSwnhm0/QzkAGd7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y1AmWaJwY1fPFDEguVC6nep7nkM=
o7mn.com/wander/?api=1&lan=mobil&ht=2
217.21.65.182200 OK 117 B URL HTTP/2 o7mn.com/wander/?api=1&lan=mobil&ht=2
IP 217.21.65.182:0
ASN #47583 Hostinger International Limited
File type ASCII text, with no line terminators
Hash b3c94ab09e070fe6657870d8633d0e24
4683411c6db11814e189a4b973f36e72fb24d8b5
eb8aa0b9a917b71f2414990dbd12b7a8572812d4a0c8a46cc317f9f046c9efd2
GET /wander/?api=1&lan=mobil&ht=2 HTTP/1.1
Host: o7mn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://photo.1msvq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/7.4.30
set-cookie: PHPSESSID=a12dd88740bb17dbd76d69b52c481f72; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 117
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 17:21:13 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f3970d61e708960f48701c82ad04ed62
63768af4cbf83b570c01e42fca8726695069b7bc
c7d21530dc8d64894117e31f6494352465c2eed7eec190656e9104423eab75a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7D21530DC8D64894117E31F6494352465C2EED7EEC190656E9104423EAB75A1"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21481
Expires: Fri, 07 Oct 2022 23:19:14 GMT
Date: Fri, 07 Oct 2022 17:21:13 GMT
Connection: keep-alive
contentrightnow.com/?k=f88c72c6e3fc530c30e3df9d480c3832&type=mainstream&subtype=global
64.227.23.114302 Found 0 B URL HTTP/1.1 contentrightnow.com/?k=f88c72c6e3fc530c30e3df9d480c3832&type=mainstream&subtype=global
IP 64.227.23.114:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?k=f88c72c6e3fc530c30e3df9d480c3832&type=mainstream&subtype=global HTTP/1.1
Host: contentrightnow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://photo.1msvq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.16.1 (Ubuntu)
Date: Fri, 07 Oct 2022 17:21:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: https://gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a24654847251f575a72d9f69df912c85
6b42fccd723878866d457d7ca63c1bda581533e8
bfe7cfb6e268526eda751f6e4feb52828839c0bf59bad234040ca54fc468e478
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BFE7CFB6E268526EDA751F6E4FEB52828839C0BF59BAD234040CA54FC468E478"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15967
Expires: Fri, 07 Oct 2022 21:47:21 GMT
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: keep-alive
gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7
139.45.197.239302 Found 0 B URL HTTP/2 gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7 HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photo.1msvq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 07 Oct 2022 17:21:14 GMT
content-length: 0
location: https://tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=702&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D702%26ymid%3De16d715bbae3923c42936774e8d99eb7%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 47b76ab6e57faba9539a4ca1eb67fb8c
link: <https://tagstaticx.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=091e473ec3cd4261a97ade116a8851fa; expires=Sat, 07 Oct 2023 17:21:14 GMT
oaidts=1665163274; expires=Sat, 07 Oct 2023 17:21:14 GMT
phpckd4677281=true; expires=Sat, 08 Oct 2022 17:21:14 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11324
Expires: Fri, 07 Oct 2022 20:29:58 GMT
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11324
Expires: Fri, 07 Oct 2022 20:29:58 GMT
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11324
Expires: Fri, 07 Oct 2022 20:29:58 GMT
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11324
Expires: Fri, 07 Oct 2022 20:29:58 GMT
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed3fa86bbe319c9a2f81ff625e677cb0
e3d5210207f6ff922bc28e328285059c19a523a4
5919694bd942a4f25d5b7ffc3f8aee1af6cdb8461d4ba3dba9a2e72cf19164c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7261
x-amzn-requestid: e1bdf299-b29e-4f58-9c8a-33f5dacdb081
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBELYoAMFfgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-1969b32c6f4f7e5749e7caa0;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: FO5iGJFmDfdklhzIVOxp4x3AV7ltFqBDDlYBz39Zzx99t7oykNR2WQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 70654
etag: "e3d5210207f6ff922bc28e328285059c19a523a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg
34.120.237.76200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17df62c3e2ed48ba9c788f5e1b3b702f
854c326016059d67fae42cc34905d0feb58cb6fc
d0bee7a7e629f6594a79bad563bb91c71a17768c2f347fd4a366f7f0daf94fda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2478
x-amzn-requestid: ed2a2dca-5367-42c1-b982-07a39762063e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmigWFvGIAMF9CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ace-6fabb7845e4d04613897a866;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: GFxAiO1AQfV1-pVy0NBmc9VoQoxBuBeOWsbPkVpOuT06D8Tw_YuZfA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:18:30 GMT
age: 68564
etag: "854c326016059d67fae42cc34905d0feb58cb6fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4572451a09430ca7a9203f14ddc035ba
46e17c44fba23988d7a9d9832c411ba2810136c3
fa54e73c4b32d8e109504ebcd46e4316de8143f44b7eae20a44ba63d14a6f24b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8445
x-amzn-requestid: 7d295b3b-29d6-4b2e-8314-c9055d1def80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmju5FxwoAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4cc5-3f58c18b1159ad512c60422b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:46:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: DC1ECXhkAhfdrU8ZyMhhDdwydsq4PQfzzGOPd-REjCkCsDbXQLnLiA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:57 GMT
etag: "46e17c44fba23988d7a9d9832c411ba2810136c3"
content-type: image/jpeg
age: 69137
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:50 GMT
age: 69144
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16339989f5c6c229a3dcc0ed1e52032f
a1ea26d6e4eb4a72cc8c87100b40035dab69d285
16703f888ee6f974bb89e1c4c16a75186b31b64130abcd1a3bcd3741159d912c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13437
x-amzn-requestid: ec801fbc-c339-46ce-ac5f-18d064e5ef21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_HdeoAMFyOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-02b52b770e6e76cf52b26e47;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Iesqk_XbGiZE-n3mTa1_1WtlXiyEqz-4qfyt3_609O1eujdLcFu3zA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:47:25 GMT
age: 70429
etag: "a1ea26d6e4eb4a72cc8c87100b40035dab69d285"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Vy9jQu1a8BGypY4C4u_9gao5wPEkVHgArhG2zMNdH8KfBS0lfmyHBA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 70654
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=521644,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684fe1de1eb4fa-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6ce3741f19a9930463153e70d8ccf4c5
72ca642bb67d010faff53d8a0d6b735786cce86b
861d33701d66e53a58f7c4742b348a7594d3725f268231b6421cb70d903b5923
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 21:40:14 GMT
Expires: Thu, 13 Oct 2022 21:40:13 GMT
Etag: "72ca642bb67d010faff53d8a0d6b735786cce86b"
Cache-Control: max-age=533338,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684fe21f41b521-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6ce3741f19a9930463153e70d8ccf4c5
72ca642bb67d010faff53d8a0d6b735786cce86b
861d33701d66e53a58f7c4742b348a7594d3725f268231b6421cb70d903b5923
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 21:40:14 GMT
Expires: Thu, 13 Oct 2022 21:40:13 GMT
Etag: "72ca642bb67d010faff53d8a0d6b735786cce86b"
Cache-Control: max-age=533338,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684fe218481bfa-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6ce3741f19a9930463153e70d8ccf4c5
72ca642bb67d010faff53d8a0d6b735786cce86b
861d33701d66e53a58f7c4742b348a7594d3725f268231b6421cb70d903b5923
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 21:40:14 GMT
Expires: Thu, 13 Oct 2022 21:40:13 GMT
Etag: "72ca642bb67d010faff53d8a0d6b735786cce86b"
Cache-Control: max-age=533338,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684fe21e5cb4fa-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash cec0c16ae4c45817ea99b55407be10ac
ee6ab10b155a0ec4d0a558b3598a30cafd0344ab
270418008476386bff803b3e64eb80f235a4832a9083457f92131c4ae3eaf2d6
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://tagstaticx.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f6646f6b42374cc0b931fb2e3206d98f; expires=Sat, 07 Oct 2023 17:21:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tagdatax.com/version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 57 B URL HTTP/1.1 tagdatax.com/version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 130ad3885fc19300e68c8a8a972541dc
5b171b75024fa06224c0cc2c64d65c27116038ae
c3697642a16bd882b6a975cb8c6f54e2e9d8ff4a3418803ddbc6726861e35d20
GET /version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/javascript
Content-Length: 57
Connection: keep-alive
Cache-Control: private, max-age=63072000
tagdatax.com/ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
tagdatax.com/pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 28 B URL HTTP/1.1 tagdatax.com/pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 160988f32f3a9fc12fd2958350f5a758
ea0e78c6b9e28345b0c69748ed7b4a6dca96c711
3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18
GET /pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: image/jpeg
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag
Etag: a091114a-587e-4a34-b709-0ba68b2a4b2f
Cache-Control: private, must-revalidate, proxy-revalidate
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tagdatax.com/etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 381
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
142.250.74.164200 OK 6.0 kB URL HTTP/2 www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
IP 142.250.74.164:0
File type PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced\012- data
Hash 8f9327db2597fa57d2f42b4a6c5a9855
1737d3dfb411c07b86ed8bd30f5987a4dc397cc1
5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5969
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
IP 142.250.74.164:0
File type PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 80fa4bcab0351fdccb69c66fb55dcd00
26f471f6ebe3b11557506f6ae96156e0a3852e5b
262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 13504
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png
142.250.74.164200 OK 7.0 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png
IP 142.250.74.164:0
File type PNG image data, 320 x 112, 8-bit/color RGBA, non-interlaced\012- data
Hash d6b993cd3a71d84e8dd51dc9bf01f537
41f57a52be2447b7b4ee458887e860a702150396
9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
GET /images/branding/googlelogo/2x/googlelogo_color_160x56dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7048
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png
142.250.74.164200 OK 3.9 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png
IP 142.250.74.164:0
File type PNG image data, 180 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash c198051c3b22e6fa2e26712e855da980
6cac1226aff75d94809534c373f43a28253879da
a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
GET /images/branding/googlelogo/2x/googlelogo_color_90x40dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3934
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png
142.250.74.164200 OK 5.1 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png
IP 142.250.74.164:0
File type PNG image data, 240 x 88, 8-bit/color RGBA, non-interlaced\012- data
Hash 8d2b7f3d00f50b8aebb7d1c002c64ca1
b3d5a78c18020868d322a0ac54c9d8e45a59a3b3
29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
GET /images/branding/googlelogo/2x/googlelogo_color_120x44dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5087
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
172.217.21.162200 OK 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 172.217.21.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Fri, 07 Oct 2022 17:21:14 GMT
expires: Fri, 07 Oct 2022 17:21:14 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6894604230430614880
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 54389
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 6ce3741f19a9930463153e70d8ccf4c5
72ca642bb67d010faff53d8a0d6b735786cce86b
861d33701d66e53a58f7c4742b348a7594d3725f268231b6421cb70d903b5923
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 21:40:14 GMT
Expires: Thu, 13 Oct 2022 21:40:13 GMT
Etag: "72ca642bb67d010faff53d8a0d6b735786cce86b"
Cache-Control: max-age=533338,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684fe218280b31-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 74b63831a0a449c3e37b584db0009072
929f9f036c4a6a078c51c3b3dc2a7f902c9ee9ac
686845b4cf9a67078f03cb221ce13175a72074f6aa3804ba4fa06623ab856bae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 23be53f0796c8e41706dcd00284560fc
9608740dde2b8801081f68b9aa0afe9ae048e3fb
08efc4c1977aef68123a25c191e9af752bf3ffc9d9c3a1790ae3ec350a239206
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tagdatax.com/ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253101 Switching Protocols 0 B URL HTTP/1.1 tagdatax.com/ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tagstaticx.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hrvW4FXDIWTGwAARlH9OdA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: M8lNChafeRziiT5K0ezlE40nQtM=
tagdatax.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 1989
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 17:21:14 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
gtoonfd.com/favicon.ico
139.45.197.239204 No Content 0 B IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
Cookie: OAID=091e473ec3cd4261a97ade116a8851fa; oaidts=1665163274; phpckd4677281=true; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 17:21:15 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=521642,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684feb39a4b521-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d99773d8ffb34a2fd6fc1bc596320c29
6b5e6b733e1a83f8c22c47f6f42f1f329057fc83
88970fb54ba92c29c5bef1f942abe38e7ae9280aa75d3455337bfa0fa8fc4786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88970FB54BA92C29C5BEF1F942ABE38E7AE9280AA75D3455337BFA0FA8FC4786"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 07 Oct 2022 18:56:55 GMT
Date: Fri, 07 Oct 2022 17:21:16 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=091e473ec3cd4261a97ade116a8851fa
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=091e473ec3cd4261a97ade116a8851fa
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=091e473ec3cd4261a97ade116a8851fa HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gtoonfd.com
Connection: keep-alive
Referer: https://gtoonfd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:16 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: https://gtoonfd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=091e473ec3cd4261a97ade116a8851fa; expires=Sat, 07 Oct 2023 17:21:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
139.45.197.239200 OK 3.0 kB URL HTTP/2 gtoonfd.com/link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
IP 139.45.197.239:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5402)
Hash eb10954e913e20357557da6ffed87f23
d1fcb621dc68108a6ba6305f6aaa9bcdba6602c8
2478ffbfcd9196a7b820498952b2e378210b0cbe1b24a4694b34564638c9e611
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=4677281&var=702&ymid=e16d715bbae3923c42936774e8d99eb7&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225 HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: OAID=091e473ec3cd4261a97ade116a8851fa; oaidts=1665163274; phpckd4677281=true
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:14 GMT
content-type: text/html; charset=utf8
x-trace-id: 68e6f4176a4cf6546702f498bd1810a4
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=091e473ec3cd4261a97ade116a8851fa; expires=Sat, 07 Oct 2023 17:21:14 GMT; path=/; secure; SameSite=None
oaidts=1665163274; expires=Sat, 07 Oct 2023 17:21:14 GMT; path=/; secure; SameSite=None
allcnt=1; expires=Sat, 07 Oct 2023 17:21:14 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a11e3f0e4371609f69ddd8a94792c68e
b9bd9fd4e403416998fc7f0c99894d8f56e69113
6a28f8535acf9e9a2c8648c874030c11f4ef447b709bf007ee4af2c4632f0fc4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A28F8535ACF9E9A2C8648C874030C11F4EF447B709BF007EE4AF2C4632F0FC4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19680
Expires: Fri, 07 Oct 2022 22:49:16 GMT
Date: Fri, 07 Oct 2022 17:21:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 141c734e41a9beeced4a1791230670a1
5fd9aa956b14fb5b9412543d67bfb0866a675275
73897e3afce421211ccb3071a087bfc2ff24d12e41f3ab6306a9914e1a0c46c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73897E3AFCE421211CCB3071A087BFC2FF24D12E41F3AB6306A9914E1A0C46C3"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4089
Expires: Fri, 07 Oct 2022 18:29:25 GMT
Date: Fri, 07 Oct 2022 17:21:16 GMT
Connection: keep-alive
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250200 OK 40 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f180b770897d6441bb79cb05ef5655b6
0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:16 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 07 Oct 2022 17:21:18 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236200 OK 632 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b8b1df8581257ca814e80b9d30cf917
3428b31598e0a17760f37ad5bbf3a2de38e3e68a
0b0fe6929698c799d48180f3521492b5f137b5085bff49e63e1d8a02b64c9eff
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 17:21:18 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 1062996325693d35b14fd1fc19cb96e8
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://r.top100bookies.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=ff565e6d57de47d7b6f5c63c55010d8b; expires=Sat, 07 Oct 2023 17:21:18 GMT; path=/
oaidts=1665163278; expires=Sat, 07 Oct 2023 17:21:18 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 36e8b89ca62831f4f3df06a25d034956
f23e0d504003948d9896cb8c43d23a1c30183ba7
4f9c55bb57b8f002ee66a176747b23fd9cfead78a1ea791791224645e17db406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F9C55BB57B8F002EE66A176747B23FD9CFEAD78A1EA791791224645E17DB406"
Last-Modified: Thu, 06 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3194
Expires: Fri, 07 Oct 2022 18:14:32 GMT
Date: Fri, 07 Oct 2022 17:21:18 GMT
Connection: keep-alive
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3
139.45.197.152200 OK 3.9 kB URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3
IP 139.45.197.152:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1956), with CRLF, LF line terminators
Hash d04900eea3d9502c637bba0c845c5d75
0e743e4445f22e104594bbcaa245ab0e8f6f555b
ba6e1cee898a248d99ae1d2fa4996eb7b39bfa17c728bc86404552316556c1b4
GET /?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=fLca-DwbVZPIFgPTRttiPRXYogAFOhiiJ8t1Ffc1rDU; expires=Fri, 07-Oct-2022 18:21:16 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
go.deliverymodo.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=ff565e6d57de47d7b6f5c63c55010d8b; oaidts=1665163278
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 17:21:18 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 17:21:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=521640,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75684ff9adc71bfa-OSL
my.rtmark.net/img.gif?f=merge&userId=ff565e6d57de47d7b6f5c63c55010d8b
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=ff565e6d57de47d7b6f5c63c55010d8b
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=ff565e6d57de47d7b6f5c63c55010d8b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:18 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ff565e6d57de47d7b6f5c63c55010d8b; expires=Sat, 07 Oct 2023 17:21:18 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
b1.trickyrock.com/redirect.aspx?pid=3499897&bid=37672
23.36.79.43301 Moved Permanently 0 B URL HTTP/2 b1.trickyrock.com/redirect.aspx?pid=3499897&bid=37672
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=3499897&bid=37672 HTTP/1.1
Host: b1.trickyrock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Fri, 07 Oct 2022 17:21:18 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 07 Oct 2022 17:21:18 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3499897%2c%22BID%22%3a37672%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665163278433)%5c%2f%22%2c%22CookieTag%22%3a%22376723499897451240919C20221071721%22%7d%5d; SameSite=None;; domain=.trickyrock.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228197564061%7c1%22%7d%5d; domain=.trickyrock.com; expires=Sun, 07-Oct-3021 17:21:18 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=92
X-Firefox-Spdy: h2
no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:18 GMT
content-length: 0
location: https://no.unibet.com:443/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
set-cookie: JSESSIONID=node022wsdcmfk1el1oe59r0v3bogw2339299.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node022wsdcmfk1el1oe59r0v3bogw; Path=/; Domain=.unibet.com; Expires=Sun, 06-Oct-2024 17:21:18 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Sun, 06-Oct-2024 17:21:18 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.com; Expires=Sun, 06-Oct-2024 17:21:18 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Fri, 07-Oct-2022 17:21:33 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37672; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
PID=3499897; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Fri, 07-Oct-2022 17:21:33 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38900261; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Fri, 07-Oct-2022 17:21:33 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=no.unibet.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Fri, 07 Oct 2022 17:21:18 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
no.unibet.com/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_E836D2476AF74E41A29DC39B0505C208&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:18 GMT
content-length: 0
location: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Fri, 07 Oct 2022 17:21:18 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
23.36.79.19200 OK 638 B IP 23.36.79.19:0
ASN #20940 Akamai International B.V.
Hash 4c438d61aec73d0a3c515334a49b367f
31fcdb551fbaf51a9bd46af84e12868ed3a6cd40
f4dedc353835b16bd6ffea3420edbcb9758e087a31610f49763b462c981506d2
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Fri, 07 Oct 2022 17:21:18 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
a1s.unibet.com/unibet/studio/dm/english-apple.svg
85.184.96.5200 OK 12 kB URL HTTP/2 a1s.unibet.com/unibet/studio/dm/english-apple.svg
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash d0558d91063038236b60e3ef71fdc1fd
5eb1a238a24f928783bfdf3e8b093e1b38aebe88
25178aeef6eb6b83b96f5f2d004eda3bffbb37122de64afbaef7107b384a4132
GET /unibet/studio/dm/english-apple.svg HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
content-length: 12353
last-modified: Fri, 03 Mar 2017 12:25:20 GMT
etag: "3041-549d2a3958c00"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/1-styles.css
108.161.188.196200 OK 7.7 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/1-styles.css
IP 108.161.188.196:0
Hash 16fe707176191045e9b6ea661c79a7c5
53b339bd131fbca91b5136f4a11d0977ab2146fb
23824bd4d78dcff55dc37ad56d55e94d64adce8eddd280d5242a304ac495ef11
GET /no/pop/casino/bookofdead/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:18 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: ju6iUSU8PdM9jIesylUeYA==
last-modified: Tue, 24 May 2022 14:42:51 GMT
etag: W/"0x8DA3D93AE480BBC"
x-ms-request-id: ae2407a2-301e-0078-1c6f-dab1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 08:20:49 GMT
expires: Mon, 02 Oct 2023 08:20:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 464430
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/rg-logo-.svg
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/rg-logo-.svg
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/rg-logo-.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/authority-.png
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/authority-.png
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/authority-.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/-payments.svg
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/-payments.svg
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/gambling-commission.png
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/gambling-commission.png
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.unibet.com/
85.184.96.0301 Moved Permanently 162 B IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html
content-length: 162
location: https://no.unibet.com/
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
set-cookie: clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
no.unibet.com/
85.184.96.0200 OK 127 kB IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Size 127 kB (127191 bytes)
Hash 5abc472cd548b5ef3c5b82e45d8cb424
fbdd10f3f7b5c2a108bc1dcf97c82af0023c8f1c
f5843e3f257590a61054466b6c49252322de5737cfa6ebab4f6faaa368384a58
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Fri, 07 Oct 2022 17:21:10 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 10 kB IP 142.250.74.3:0
File type gzip compressed data, from Unix\012- data
Hash e32e7096f9bb048b0c61cb7d4ea2152b
77dd1c5b09b288823c12ed1c15636b006cea44f7
85a00e3a05c6bc5878270ae86948671d9b17d32ceca87d6a6a49b1bf233eeff2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/no/pop/casino/bookofdead/1-main.js
108.161.188.196200 OK 69 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/1-main.js
IP 108.161.188.196:0
Hash e4b415eacaceedde625d80d9448e0999
678f03235e629dbb0bc0f2c344f9d5e3f1bde9be
767b1d1408e627d048d9b5ff18b93e7884717f955a05852d136113d06d334731
GET /no/pop/casino/bookofdead/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:18 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: kt67ksnBu92zK/+O3T2K7g==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AE71FBC6"
x-ms-request-id: 1cdedf62-b01e-0059-576f-da9581000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/android-button.svg
108.161.188.196200 OK 77 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/android-button.svg
IP 108.161.188.196:0
Hash 94371abcc3b6d59e5efb2eed9a74d73c
a73ed18c7479559d1bfe9c110bdd45fb5d868a19
401f27dfd14a77b54a817bc746e901e53b478a5e4d16e75d320cd0a20d85b803
GET /no/pop/casino/bookofdead/android-button.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QRSghDb6fqDnPRxmntJCIQ==
last-modified: Tue, 24 May 2022 14:42:57 GMT
etag: W/"0x8DA3D93B159933F"
x-ms-request-id: 8dd7217f-901e-002c-676f-dafead000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.10200 OK 24 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.10:0
Hash c08659efb4bd9496f235d6a0d3235d6a
264a9b95cece44410849693242dfa5a2e05e68b1
cf6634a890d7d8c7201d7071d6b3026bb0ee7162051933b1c35de1a648ecbd0a
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 07 Oct 2022 17:21:19 GMT
date: Fri, 07 Oct 2022 17:21:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/utv-logo.svg
108.161.188.196200 OK 16 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/utv-logo.svg
IP 108.161.188.196:0
Hash 2b018ea787b68aa7f82a4da46918c32f
aeb129be20dbd730cf9de9a89581387b6376a45b
e18b2ce2a3678c1c4f090af570938cd94c0f5ea96d7f45f95987a07ba9a66081
GET /no/pop/casino/bookofdead/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEAED4CB"
x-ms-request-id: 07994b2b-701e-0046-216f-da2685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/nba-logo.svg
108.161.188.196200 OK 85 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/nba-logo.svg
IP 108.161.188.196:0
Hash ce054deb9c34358cf8c089224e42bf69
cfefa7bdee66d78ef128e9c3a1c924749252a43c
3ba6b6c937370ee1c409ed8e0b9b987ddd52932e48c8086d3f357f206a5cf42e
GET /no/pop/casino/bookofdead/nba-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eaLstWd+oATN0BmGvlb9dw==
last-modified: Tue, 24 May 2022 14:42:56 GMT
etag: W/"0x8DA3D93B143014C"
x-ms-request-id: 021ce5fb-301e-0047-416f-da7959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:21 GMT
expires: Thu, 05 Oct 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 164818
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/no/pop/casino/bookofdead/mga-logo.svg
108.161.188.196200 OK 2.5 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/mga-logo.svg
IP 108.161.188.196:0
Hash 059a7279babd3b2cab679364afdb49ab
56670baf9624ed38373fe8b73186c0c44f6a0709
3fb947d8871520ffde3b33caa2a014413e3ca0bd7edcb9dd9ebc6c2040ff2813
GET /no/pop/casino/bookofdead/mga-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Tue, 24 May 2022 14:42:54 GMT
etag: W/"0x8DA3D93AF8F4FC1"
x-ms-request-id: 61313e26-a01e-0027-366f-da05c6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 54a8c6f45c6a0f3a5c0199d65ca880c6
173104e5386bb24b90f2d7350d008490555e635f
036b47cef15d692924142d169d5f859b5273cc83f6adf61b4e6de9d693313abe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5381
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Last-Modified: Fri, 07 Oct 2022 15:51:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
secure.adnxs.com/seg?add=9755599
37.252.172.123307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 37.252.172.123:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Fri, 07 Oct 2022 17:21:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: ec2dcab5-3f88-4b9e-9f1a-64e89952ca87
Set-Cookie: uuid2=4342146212300780195; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 05-Jan-2023 17:21:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
welcome.unibet.com/no/pop/casino/bookofdead/favicon.ico
108.161.188.196200 OK 421 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/favicon.ico
IP 108.161.188.196:0
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /no/pop/casino/bookofdead/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19273%7CvVersion%7C4.4.0; sessionPageNumber=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/x-icon
content-length: 421
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: "0x8DA3D93AE5AF4B7"
x-ms-request-id: e03dda79-001e-0001-196f-da4dde000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665163279474
54.154.199.204200 OK 497 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665163279474
IP 54.154.199.204:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash c60590c325225c249a6d1caa692545f4
b800a81816b539662c1486ef543750ec03649b1c
c1df0fcd663e2409cd463710f8d3807c4646393440be47afa967a8f9b598fc75
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665163279474 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v044-0d690d0dc.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=71277354494479757550385732773664241116; Max-Age=15552000; Expires=Wed, 05 Apr 2023 17:21:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Mh3RR/iCTXE=
Content-Length: 497
Connection: keep-alive
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
37.252.172.123200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 37.252.172.123:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 07 Oct 2022 17:21:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 177bc092-91d3-42cf-9cac-bb3e5c8f4281
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2C%@Xr:%/!1yIE'Yg-$0y=/d!!%mJ$FFjI; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 05-Jan-2023 17:21:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39d435bfc7147f95539f10a4a1733faa
535df0f439d8ac7cf62edc707b4f276de6fb0b32
45afb5ac9efe316f0691800d9b85429a1cc645a6a3b019d9d8b3b637e63cce99
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6455
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 17:21:19 GMT
Last-Modified: Fri, 07 Oct 2022 15:33:44 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
unibet.demdex.net/dest5.html?d_nsid=0
54.154.199.204200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 54.154.199.204:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 7 Oct 2022 17:21:19 GMT
DCS: dcs-prod-irl1-1-v044-0250f6bca.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:18:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: ViApRjNPS6s=
Content-Length: 2791
Connection: keep-alive
welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
108.161.188.196200 OK 5.4 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
IP 108.161.188.196:0
Hash 215ee20c5821650b46389d3943e5fabe
7a6d57234e5efab2deb663081237db163332f689
36de6c1a169091c83cdd0233d782ebf8a36c25048e2736eed6084c4e743bc42a
GET /no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:18 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: XiMVk88BNkcCl05DTI4pAQ==
last-modified: Tue, 24 May 2022 14:42:51 GMT
etag: W/"0x8DA3D93AE3A0410"
x-ms-request-id: 100cb387-201e-0064-1f6f-dae39a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-expert.svg
108.161.188.196200 OK 584 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-expert.svg
IP 108.161.188.196:0
Hash 468ce67da5f54dd68ae013ece92d2ee8
c1aac38509f721d374c266c5b0d619bb98cf4823
88e52a2af186e879d2288274f7566b989aa502e57f86b6cc894ffaef55567796
GET /no/pop/casino/bookofdead/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B05DCC0F"
x-ms-request-id: 1ece6f90-301e-0068-636f-da7492000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash ab2b7d996f9349fc41869dd032af9539
30763523f8aec56dd406c6b1750484662d14e60f
cee36007cd227e85bc6f1d3c0901a5cbcb9f52a8a7563d90b697cb2b67c42e47
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 17:21:20 GMT
Last-Modified: Fri, 07 Oct 2022 15:35:42 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DwvURW-H8hbg3tllWCmY3J0DfXOmthXd4RdSCtMihMzsiBnpz2lG6g==
Age: 6338
cm.everesttech.net/cm/dd?d_uuid=71277354494479757550385732773664241116
34.248.32.199302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=71277354494479757550385732773664241116
IP 34.248.32.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=71277354494479757550385732773664241116 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 07 Oct 2022 17:21:20 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y0BgEAAAAGnhKgOJ; Domain=.everesttech.net; Expires=Sat, 07-Oct-2023 17:21:20 GMT; Path=/
everest_session_v2=Y0BgEAAAAGnhKwOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
54.154.199.204302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
IP 54.154.199.204:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v044-0fd49f064.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=81433932660878379303811379184213859600; Max-Age=15552000; Expires=Wed, 05 Apr 2023 17:21:20 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: fxfbaYMBQ3A=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
54.154.199.204200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ
IP 54.154.199.204:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0BgEAAAAGnhKgOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v044-0ca885ff3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: EczENVGNSPs=
Content-Length: 59
Connection: keep-alive
no.unibet.com/
85.184.96.0200 OK 0 B IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Fri, 07 Oct 2022 17:21:10 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/darts-premier-league.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/darts-premier-league.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/darts-premier-league.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: tUWryfanLH11PuSSk/UuDw==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AE88669E"
x-ms-request-id: f183e13f-901e-0013-406f-da360e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-trust.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-trust.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B0567A22"
x-ms-request-id: e499fd6b-601e-0017-196f-dabb09000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/gb-when-the-fun-stops.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/gb-when-the-fun-stops.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/gb-when-the-fun-stops.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: aKFt6UnI1NUrF+upCSAbIA==
last-modified: Tue, 24 May 2022 14:42:54 GMT
etag: W/"0x8DA3D93AF8084E1"
x-ms-request-id: daefe07b-001e-005c-036f-da475a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 108.161.188.196:0
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 089ff59d-601e-0075-2770-da792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-casino.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-casino.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/icon-casino.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: u/57C1Al21ESpXtbDs6sbw==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B04F0122"
x-ms-request-id: 4b0cdb91-601e-004a-416f-dab18d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/18-plus.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/18-plus.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/18-plus.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEBE14CA"
x-ms-request-id: 1b3a36c6-201e-005b-806f-da2b39000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
whos.amung.us/pingjs/?k=wander001&t=san2val&x=https://www.google.com/
172.67.8.141200 OK 0 B URL HTTP/2 whos.amung.us/pingjs/?k=wander001&t=san2val&x=https://www.google.com/
IP 172.67.8.141:0
GET /pingjs/?k=wander001&t=san2val&x=https://www.google.com/ HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://photo.1msvq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:12 GMT
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75684fd6ef72b527-OSL
X-Firefox-Spdy: h2
tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=702&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D702%26ymid%3De16d715bbae3923c42936774e8d99eb7%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
104.21.28.10200 OK 0 B URL HTTP/2 tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=702&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D702%26ymid%3De16d715bbae3923c42936774e8d99eb7%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
IP 104.21.28.10:0
GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=702&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D702%26ymid%3De16d715bbae3923c42936774e8d99eb7%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225 HTTP/1.1
Host: tagstaticx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photo.1msvq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:14 GMT
content-type: text/html
last-modified: Thu, 04 Aug 2022 15:17:25 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eirXyAchtDxbbzJA9bN9OuzAdm0coFxqxikF0hNAlEVkHjTUxqp8UGJ06yT%2B2ZKHYC4rbJoHjRjrXlm3aBhMBNMLiVJVhOe82VlKUXNd3HtqTAnjEWVHBQl%2B6ZURenjycA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75684fdf6cceb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/darts-european.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/darts-european.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/darts-european.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: zoYCq/GGL4hzx6fLGfy4TA==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AE61D185"
x-ms-request-id: efbab4ec-601e-005a-546f-da74e5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/com-payments.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/com-payments.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Tue, 24 May 2022 14:42:53 GMT
etag: W/"0x8DA3D93AF09B8AB"
x-ms-request-id: 7d4fdf4d-d01e-0070-786f-daabf5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
no.unibet.com/
85.184.96.0200 OK 0 B IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Fri, 07 Oct 2022 17:21:10 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/unibet-logo.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/unibet-logo.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEDE4234"
x-ms-request-id: 0ec3b3d9-701e-001b-556f-da2c01000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/bottom-slash.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/bottom-slash.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/bottom-slash.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 1LyEcsHHwYdod9rpxIDp2A==
last-modified: Tue, 24 May 2022 14:42:56 GMT
etag: W/"0x8DA3D93B10A947D"
x-ms-request-id: d0170420-d01e-003d-0f6f-da6419000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3&mprtr=1
139.45.197.152200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3&mprtr=1
IP 139.45.197.152:0
POST /?l=qCqekRDLtEBTXwP&s=602301036304273662&z=4677282&g=NO&svar=1665163276&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665163276&ssk=ed2b41530c125fcee70cef6d15263e0e&svarok=1&b=79056&oaid=a1a2e04acc5f4fac8fc449238669a6b4&rdk=rk3&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4677282&rsz=4677282&rid=
Cookie: reverse=fLca-DwbVZPIFgPTRttiPRXYogAFOhiiJ8t1Ffc1rDU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 17:21:16 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 108.161.188.196:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_E836D2476AF74E41A29DC39B0505C208&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node022wsdcmfk1el1oe59r0v3bogw; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_E836D2476AF74E41A29DC39B0505C208; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_E836D2476AF74E41A29DC39B0505C208%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: a144a6b8-201e-0064-0d29-dae39a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 17:21:19 GMT
content-type: text/css
x-amz-id-2: bDlIamUY1QfJPc4QlUBnXFv1f1qQDGvTvEH6wm5EFeK9XBcJboUVX25kNqwZs6Ih/vyIsNf6eIM=
x-amz-request-id: 39MR148XF08XCMJM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 29930228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RdAD9in5TNsCoQcW%2B5j5zVq%2BZPOSBOCkxOeiEe172%2BGcZbh93nHhI%2B0Hs0UamvYVL2k5qnUn5V%2BOYtPfIW3DZLUGUjRUgFtbhHECVVK11hFx%2Fjvb%2BC2EiYbT%2F%2F8SOKPvot0ddBqT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75684ffdf8aa71a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2