4.us.silverwinds.xyz/feed/?link=true&tid=4&subid=4.jp.linux.chrome&ref=4.us.silverwinds.xyz&s1=63900321e64a1a5c8a5e0404
23.235.251.114301 Moved Permanently 0 B URL HTTP/1.1 4.us.silverwinds.xyz/feed/?link=true&tid=4&subid=4.jp.linux.chrome&ref=4.us.silverwinds.xyz&s1=63900321e64a1a5c8a5e0404
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=4&subid=4.jp.linux.chrome&ref=4.us.silverwinds.xyz&s1=63900321e64a1a5c8a5e0404 HTTP/1.1
Host: 4.us.silverwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=4&subid=4&s1=63900321e64a1a5c8a5e0404
Date: Wed, 07 Dec 2022 03:06:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3810
Expires: Wed, 07 Dec 2022 04:10:03 GMT
Date: Wed, 07 Dec 2022 03:06:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6269
Cache-Control: max-age=119353
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:34 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 12:15:47 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 02:20:26 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2768
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10551
Expires: Wed, 07 Dec 2022 06:02:25 GMT
Date: Wed, 07 Dec 2022 03:06:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DTWdaVzqc+usAqwn86RrqXgNlG5laYqj7YWOYp6VDOce5qWIZV/QSSV7ViLPaf+vBe/09DDOrC0=
x-amz-request-id: X282669VG6FQ24RT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 02:49:12 GMT
age: 1042
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 03:06:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f36de1895a5d6c5310455cfd9787cbfc
cbf2c1e77b49dadf5f3e5ff2648747b9c0606531
b5184b9d2d67d9ad19d776ce325548abadb8cd91adb2b0a2df47a75154102748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5184B9D2D67D9AD19D776CE325548ABADB8CD91ADB2B0A2DF47A75154102748"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8865
Expires: Wed, 07 Dec 2022 05:34:19 GMT
Date: Wed, 07 Dec 2022 03:06:34 GMT
Connection: keep-alive
redir.tealwinds.xyz/click/invalid/?tid=4&subid=4&s1=63900321e64a1a5c8a5e0404
198.211.113.186302 Found 230 B URL HTTP/1.1 redir.tealwinds.xyz/click/invalid/?tid=4&subid=4&s1=63900321e64a1a5c8a5e0404
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash bf1ea261d68c3cae104a4434b2ed8723
5c2720cc951f801f2f7091867636e73490adcc78
67be18803779206c2595f60be36782945e42e8ba6ce70f8595a405c6861670d0
GET /click/invalid/?tid=4&subid=4&s1=63900321e64a1a5c8a5e0404 HTTP/1.1
Host: redir.tealwinds.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Wed, 07 Dec 2022 03:06:34 GMT
Connection: keep-alive
Keep-Alive: timeout=5
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 02:11:20 GMT
cache-control: public,max-age=3600
age: 3314
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbd0588e0648671a26977f48152be07b
4144f005c6c4c7fdf7e0fb5b74756d6bf45c3090
daa15015e8d7875c775ae2d1f4766fda070cd996ddf0a1db7a76ae2ec89cbb09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAA15015E8D7875C775AE2D1F4766FDA070CD996DDF0A1DB7A76AE2EC89CBB09"
Last-Modified: Sun, 04 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8676
Expires: Wed, 07 Dec 2022 05:31:10 GMT
Date: Wed, 07 Dec 2022 03:06:34 GMT
Connection: keep-alive
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
51.83.143.92302 Found 0 B URL HTTP/1.1 leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 07 Dec 2022 03:06:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=6390033af7d01f50a123bec9&fid=888fb
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6249
Cache-Control: max-age=114265
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:34 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:50:59 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.148.163101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.148.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HWrQGBRwnQcCDEY1BLvyMg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vr9KOBniKD92eARAQpG8vaz7cHE=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71743371b9306c61e94d302805830cf7
56d90318f78271780f1e0e79479467af353349cd
fddfb1e82b6e908fa41bd638c972ba74b3cf0a72c208e946bda682d7dacda0ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDDFB1E82B6E908FA41BD638C972BA74B3CF0A72C208E946BDA682D7DACDA0ED"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21558
Expires: Wed, 07 Dec 2022 09:05:53 GMT
Date: Wed, 07 Dec 2022 03:06:35 GMT
Connection: keep-alive
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=6390033af7d01f50a123bec9&fid=888fb
5.161.78.177307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=6390033af7d01f50a123bec9&fid=888fb
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=6390033af7d01f50a123bec9&fid=888fb HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Wed, 07 Dec 2022 03:06:35 GMT
content-type: text/html
content-length: 164
location: https://ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
set-cookie: emwxcid_4_1=14eGoKqPxC0fwyycF3VZE6JFfwFRMpEXtSfOh0z5aeEi3W0g5K; expires=Thu, Dec 07 2023 03:06:35 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbd0588e0648671a26977f48152be07b
4144f005c6c4c7fdf7e0fb5b74756d6bf45c3090
daa15015e8d7875c775ae2d1f4766fda070cd996ddf0a1db7a76ae2ec89cbb09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAA15015E8D7875C775AE2D1F4766FDA070CD996DDF0A1DB7A76AE2EC89CBB09"
Last-Modified: Sun, 04 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8675
Expires: Wed, 07 Dec 2022 05:31:10 GMT
Date: Wed, 07 Dec 2022 03:06:35 GMT
Connection: keep-alive
ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
51.83.143.92200 OK 158 B URL HTTP/1.1 ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash c87457594ef907d482eb114aaab14561
a528b0dfb11add9a369a0ad1f1dd462ea345f86e
83c06d15d0da3d5a81c885e5c71ba39c406d464738a421bb732a69f1c7dabf72
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 03:06:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Round: 11hx4alk7e
Raund: 1zd
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
51.83.143.92200 OK 494 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (541)
Hash ddcd1c0555ffc7a9a956a9b92d2ba892
b80262fb4c813aea5661fa8aee0fe02cf60fa0f0
000551961e61a86c5e82322ee7863095c9ade632f96288463ab3cab23b5712fe
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 03:06:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=6390033bd132d81f607b45dc; expires=Sat, 10-Dec-2022 03:06:35 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1
51.83.143.92302 Found 0 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Cookie: bt-603611c5b7eaf46891533240=6390033bd132d81f607b45dc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 07 Dec 2022 03:06:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
samba.trffclb.com/favicon.ico
51.83.143.92200 OK 20 B URL HTTP/1.1 samba.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 03:06:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ced9fb153931da1ba5d169e7d019d48d
13276de781e57f4082b422bbc7edb3cf792fb07b
bfa312f4a04b77e3e3e488c21a800b4175660007c80bb645badf362e422f9ae4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=172087
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:35 GMT
Etag: "63900072-117"
Expires: Fri, 09 Dec 2022 02:54:42 GMT
Last-Modified: Wed, 07 Dec 2022 02:54:42 GMT
Server: nginx
Content-Length: 279
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7734
Expires: Wed, 07 Dec 2022 05:15:30 GMT
Date: Wed, 07 Dec 2022 03:06:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7734
Expires: Wed, 07 Dec 2022 05:15:30 GMT
Date: Wed, 07 Dec 2022 03:06:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7734
Expires: Wed, 07 Dec 2022 05:15:30 GMT
Date: Wed, 07 Dec 2022 03:06:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7734
Expires: Wed, 07 Dec 2022 05:15:30 GMT
Date: Wed, 07 Dec 2022 03:06:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7734
Expires: Wed, 07 Dec 2022 05:15:30 GMT
Date: Wed, 07 Dec 2022 03:06:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb602c981-caf1-4cfc-b19b-56f816dc7417.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb602c981-caf1-4cfc-b19b-56f816dc7417.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2ae931d0f14a81013f782d43b8c7b85
9ec84996b63362ad370ff67b0fd8136a343c1bbf
9b4a2b3e5e2d2b4fac094135fed10a3040598f1208f6b2ec52d95d10aca66ed5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb602c981-caf1-4cfc-b19b-56f816dc7417.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9891
x-amzn-requestid: f15dc6ba-901b-4ef6-8589-d8918fe84173
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csU8lF3MoAMF47g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6850-496d269b228065a365a67eea;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:53:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3SFFPJye5LvexbHVfPukXIdJ-BSkP5MCpesIJhqxtSNKamcRNr1lFA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 18:21:44 GMT
age: 31492
etag: "9ec84996b63362ad370ff67b0fd8136a343c1bbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bdf4703f3372054a7aadce1cb0e11bd0
84d060f66accd412503d52c385ee47cb35795c07
c5853b653ee328e567e2456be12450e04c1704ed64fb6234f008532e4b6c8363
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3744
x-amzn-requestid: 73eab74b-e50c-46d1-adde-3ef85fb772f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlj7FDiIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb618-70ffb1925e3a9ef6081d1cd1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F-LcglSz1NX1Q2t84r1dv0vQzONyYMhlGB6TdS6CeKf9I8Krk1mDUg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:55:41 GMT
etag: "84d060f66accd412503d52c385ee47cb35795c07"
content-type: image/jpeg
age: 18655
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d0219e6bee2a28f003f396f872eecf0
b3d22d146c6094cb539de40a72b9c5a140802ee5
41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 02299a39-6804-49ae-b415-313b6e06b2ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfj24G39oAMF25Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63894cf8-5f578e3f211063bd125b645a;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 00:55:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uMTaiFjrcbJxWm4M7BuSHPu0BFUMp9UIpMvnvlLs_dajlM0_iObY2A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:52 GMT
age: 18524
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b89a7fe1080499e4f7171f962b57fec4
62ef59be034071e667e3476ea0740077c86778c1
e17432ce6af0006ba36fd43e13c56c1bd1dd9b1d1bc250309bc2731ac8f52abb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F084354d3-0d22-4203-844f-c2f6ab2af36d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8906
x-amzn-requestid: 453c8d4f-205d-46ac-8d24-1c9849d71419
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvmAyEMnoAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb6d1-7b5051335073a5d2339e02e1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:40:33 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2LpJmaGp8UzaZHqa9WtCTvFq0oQYOVNAdKBdYHURf2d2v5fh7j44uQ==
via: 1.1 e124ba8d7ba1d81e2fdc59ac89f11b70.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:55:06 GMT
age: 18690
etag: "62ef59be034071e667e3476ea0740077c86778c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b92721cbe24623f1713a5248d6a7c1b2
3628390c62642dcc375b28f58c9b48180c4abd73
37d0451c03bc7cf0253aba6d3204cbf38502692a0fbc751a3ead01b07e9a65d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9613
x-amzn-requestid: 3542fd4f-74e3-450b-b7fc-04034d680bf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cslIEEDtIAMFfuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e8233-40eaebed627d374d0910e456;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 23:43:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2aI7z8gOkQiNDlj2tbsoWibfupjl25ZjoO_QRbfmXQKwO-yF455yXg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:18:37 GMT
age: 71279
etag: "3628390c62642dcc375b28f58c9b48180c4abd73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a317faf49d8e057d1da40f9441b6c30
f01497a3eef693b70b18885156f63c9c7305ed7e
5687e273eefa9ba3733fabe234e52bc7db87b4ec6244d12077c5816ae7961576
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849e6cc4-2b6a-4e78-ba2e-d46bfbadd6ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12259
x-amzn-requestid: db1b424e-af8a-4a6f-92dc-27ccf3256d25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: coKPCHc9oAMFygg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638cbd93-56c293d73368cab66819d31e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 15:32:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1go6MAGUUThlH59lQ8FRciYwPrzYJbcTKlNPmzqxNWynDV7SHrwmTw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 05:47:40 GMT
age: 76736
etag: "f01497a3eef693b70b18885156f63c9c7305ed7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
popcash.net/world/go/134600/317194
104.21.52.38301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 03:06:36 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxrJbMVFtVKNUN3VsFMc2XAMbIyzL76cvx1%2Bk2HwltnKxTzLEOw%2BrKN3BDloTbISVLOyNoxQh9BWmOSHl1tWp1o5Pj%2FwukP%2FiEoS3lV5e5jz3%2Ftjxo7txj0iZn77"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775a0bd6ae46b503-OSL
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
3.228.63.1200 OK 271 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash b896746929cb2747e121c331924a6fc2
aae46f6930863f6c4125c23d5ab58c9b0686d98b
b3c48b096e0bfa2fb9d3b81dabe57c9c85f79c9987fb30b289927a90f3944fe4
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 07 Dec 2022 03:06:36 GMT
Server: nginx
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=2ce11e1e20c19875&r=&vw=1280&vh=0
3.228.63.1303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=2ce11e1e20c19875&r=&vw=1280&vh=0
IP 3.228.63.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=2ce11e1e20c19875&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Wed, 07 Dec 2022 03:06:38 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6b2957f6c11608e1234f95f8a10ae664
53ee1b97a9217c8ffc70ca1a4e6f4d651c3c56c4
032ace5683db6f61ee91f6ebd44b98942b2b44ae33b51529e10d7130b9b3d6a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 03:06:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 14:30:52 GMT
Expires: Sun, 11 Dec 2022 14:30:51 GMT
Etag: "53ee1b97a9217c8ffc70ca1a4e6f4d651c3c56c4"
Cache-Control: max-age=386052,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775a0be739eeb4eb-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 4090aa9c8657c87ba9256cb6bb69d64f
73f1d7b088d5afaab96a391a4c02ef43e995c086
c65222ec9acece16bad5e3a7462083fe0095ede624e676d979a2ba57cbae5d78
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 17:21:52 GMT
Expires: Mon, 12 Dec 2022 17:21:51 GMT
Etag: "73f1d7b088d5afaab96a391a4c02ef43e995c086"
Cache-Control: max-age=482711,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775a0beb6b86b4eb-OSL
fancycrab.net/click?a=Csxn&e=gAAAAABjkAM_mNiRd39s1esRON2ZSv0ygVv-qPCeYLYh9xAAhdTH4uOKo7jueFAXu3X79YDo4orASARLJ81In7ONYGH0oeXA56ew90xmSTSphFQlbbwm07Ygii_NgkovJS3Jjet0dWxS4b5IirtzyjG8MdN1S7ZWWzuOk_tKYUS2x1AIrhPsMUhVDOcR_vhkz4nLZUApIiFTPdhOLdNQXvIoGL5br4N4UpYV14-JEU_E0YhWRBhmm5naFwyPb9nojtiXRYCYiwRWGcBKJtMcUxUxkk0D-VnywMFt3UIy8OBxVMHDbLb9HLDuMTyQ5ExZg-a6-nB7PzC2a0F3B1bgnLdyLNaVFuf0a903fHVRsLpEffbDPh1dAHABtSMT2CcVIgTuHY3SqETluOn8W7WFtyQdXHmfzvtNVn6V-8MJnf_ZHYijiuJ7oXI7ZdpONuKoMP-Nk9MEV8PyR0JnAC6MfoLsY01DLI7hmk16ZdyatVqsDixDlIRCHKQuE5UnsxsTLO3LpCBd2tw6IBYCqMwFJrviKSbMNH00v4U09OAtox30Z1cNbJtfHB9xJQDfdiQBFps609_syaQUnnsXcY5RItsht9WLM4MRRc0XuHRHKwinjM-313sfAq42XbrMtPN21flFdHvXXz8XE-G4fk9LuU7z8FMwW34UNIHL4sXN2d0FouhESTlGHWJ8pdgSz9I91QZq7Q5fZpTpssO1iSfXe_EWYoRYZfrh_CI_KWDfcYeDtX91VPf7xCD6i4nUkbf6wnrB7qqmrR8ZjgXyx0XSRpzxDs1JetXzeYGQ8Mqaq8eT895XKWlUQnHrtm2uf0f1zEjBw-zWl8t9hDtAnHSZzWDAIoOwV6znuTqVomUGvI309DQQXsdqhG3CyJEac4GJpDUlK-fmQfVw-oENpZ_wvYtFtZNdLubWiWbxaG2_iU3ZipksGyhfZRJVshZGbt9rJc20HiFwnWnCPH_dWIhimWJGPC133nFyta25VlFz_rwysip3kKSP7JwnP73LOs7xz7U_wt5_kIsIOhH4gk5FgH0SrN_FEp49kAdPHI-p1KF9_SbAPel688RDS0QXb3WrP6COroKmYuMEFfp0BBY8cMGlWc7tGLSVQb6YLuXWG99qBmGXJu6b9CWUQz2MG-PmGAqjOGSlxGI4JyOSBz5Wz8mIR75WZOaLatFer_UJIpcs28w7_KeoZoVUz495WN_cL0C52MnFzo1-urax_FC5ajvVK4uvpCP7XAOGwR2avfNCNpdWcioFLgfUTbsKAajMMMVv3MP0s-Wj-IBxfNwhpIv9qOeFojFL0vEOAZao5ACAKp_LYH6uAjpAEfUbdnw0-G-8A4lNNpSw9V7Ck66PO7sMOk3oCFD1z3lJdFYnr6CQv11WTXYwoBrBQE89qHXgZklfNmxd9WYXtEUcuiRDrsMM3OAFeSJh3V0FWpVboGpJtGxKYiTKYGKg5h1gmOU523fLkeuvG4pivnM4a_dQrS_TAb3p19W6cLmiAFPc3MwkGD3mY8wAhPyZplahWTNUTthzhNWGTlQJNqO2Tc6a1HJII3oPKNlj-9W0JiymSTgl5Z3ka1fz1OGxR21_xI75PPc_hqXrPAamH-PklKmxdQ2lqEQf00Uk2EPqw7EDj3bCLWHolPTOjuhHbRy5yxWTfGYSsXZXr0uLCSRDkuaARVrdE0FG_1qzFz8S1Zcgo463Y4cQPrPQ2vFgb4DatejrCUcpjvcfLhXmx7iiykkVOydBz0pmp2U1djSQ8khl70hjXXVZdyLlLkncvRi3yH_uyTq4nK4UFhGj_8l_kagZ2YVHSZbFbh9E360FUS5NQs5uyfghEG0LjwMZuKKtl-4dogPBTYpHH1X7jaUSlkTUIU_0-1eqrkhx6Trti_jWot01YDi4wawHZ8PaFW3ETU7sYcBTN0dljrXY_r76TT4V09zhberawKw598S9i_n7J88D5NnijMoSevoFQv9f4abrks-Tz6FQdAiySXCjumXFXICYM_-b2l3SsROKQgFjDCyCnyP4dSKOXFHMIMZsNS6VntYfFKESKbpGMW-PduRr3JiQVF7BRQa9h5WsjguF2LiAEUXSdZRZj79ucQ4psA7F5vGKhQ_-5rr9WNVnL21CjA4A3EStbq5s0xK20npA1ilowUcy_xflG3JvUJp3gQAHP-SJC9SBnHNHm5ogdlTAMdmUy9PtZW2Im0Zwm3V3eJOb-d8PqrcoXbkKScgYu381hCeyRsQkHkdQflHQ81ZrcmJNwQWGB77HkSjbR9EV5AoPUBaGJS-S0ifMEN_pJtQFN89bxWLi6yGP
157.90.88.167200 OK 3.1 kB URL HTTP/2 fancycrab.net/click?a=Csxn&e=gAAAAABjkAM_mNiRd39s1esRON2ZSv0ygVv-qPCeYLYh9xAAhdTH4uOKo7jueFAXu3X79YDo4orASARLJ81In7ONYGH0oeXA56ew90xmSTSphFQlbbwm07Ygii_NgkovJS3Jjet0dWxS4b5IirtzyjG8MdN1S7ZWWzuOk_tKYUS2x1AIrhPsMUhVDOcR_vhkz4nLZUApIiFTPdhOLdNQXvIoGL5br4N4UpYV14-JEU_E0YhWRBhmm5naFwyPb9nojtiXRYCYiwRWGcBKJtMcUxUxkk0D-VnywMFt3UIy8OBxVMHDbLb9HLDuMTyQ5ExZg-a6-nB7PzC2a0F3B1bgnLdyLNaVFuf0a903fHVRsLpEffbDPh1dAHABtSMT2CcVIgTuHY3SqETluOn8W7WFtyQdXHmfzvtNVn6V-8MJnf_ZHYijiuJ7oXI7ZdpONuKoMP-Nk9MEV8PyR0JnAC6MfoLsY01DLI7hmk16ZdyatVqsDixDlIRCHKQuE5UnsxsTLO3LpCBd2tw6IBYCqMwFJrviKSbMNH00v4U09OAtox30Z1cNbJtfHB9xJQDfdiQBFps609_syaQUnnsXcY5RItsht9WLM4MRRc0XuHRHKwinjM-313sfAq42XbrMtPN21flFdHvXXz8XE-G4fk9LuU7z8FMwW34UNIHL4sXN2d0FouhESTlGHWJ8pdgSz9I91QZq7Q5fZpTpssO1iSfXe_EWYoRYZfrh_CI_KWDfcYeDtX91VPf7xCD6i4nUkbf6wnrB7qqmrR8ZjgXyx0XSRpzxDs1JetXzeYGQ8Mqaq8eT895XKWlUQnHrtm2uf0f1zEjBw-zWl8t9hDtAnHSZzWDAIoOwV6znuTqVomUGvI309DQQXsdqhG3CyJEac4GJpDUlK-fmQfVw-oENpZ_wvYtFtZNdLubWiWbxaG2_iU3ZipksGyhfZRJVshZGbt9rJc20HiFwnWnCPH_dWIhimWJGPC133nFyta25VlFz_rwysip3kKSP7JwnP73LOs7xz7U_wt5_kIsIOhH4gk5FgH0SrN_FEp49kAdPHI-p1KF9_SbAPel688RDS0QXb3WrP6COroKmYuMEFfp0BBY8cMGlWc7tGLSVQb6YLuXWG99qBmGXJu6b9CWUQz2MG-PmGAqjOGSlxGI4JyOSBz5Wz8mIR75WZOaLatFer_UJIpcs28w7_KeoZoVUz495WN_cL0C52MnFzo1-urax_FC5ajvVK4uvpCP7XAOGwR2avfNCNpdWcioFLgfUTbsKAajMMMVv3MP0s-Wj-IBxfNwhpIv9qOeFojFL0vEOAZao5ACAKp_LYH6uAjpAEfUbdnw0-G-8A4lNNpSw9V7Ck66PO7sMOk3oCFD1z3lJdFYnr6CQv11WTXYwoBrBQE89qHXgZklfNmxd9WYXtEUcuiRDrsMM3OAFeSJh3V0FWpVboGpJtGxKYiTKYGKg5h1gmOU523fLkeuvG4pivnM4a_dQrS_TAb3p19W6cLmiAFPc3MwkGD3mY8wAhPyZplahWTNUTthzhNWGTlQJNqO2Tc6a1HJII3oPKNlj-9W0JiymSTgl5Z3ka1fz1OGxR21_xI75PPc_hqXrPAamH-PklKmxdQ2lqEQf00Uk2EPqw7EDj3bCLWHolPTOjuhHbRy5yxWTfGYSsXZXr0uLCSRDkuaARVrdE0FG_1qzFz8S1Zcgo463Y4cQPrPQ2vFgb4DatejrCUcpjvcfLhXmx7iiykkVOydBz0pmp2U1djSQ8khl70hjXXVZdyLlLkncvRi3yH_uyTq4nK4UFhGj_8l_kagZ2YVHSZbFbh9E360FUS5NQs5uyfghEG0LjwMZuKKtl-4dogPBTYpHH1X7jaUSlkTUIU_0-1eqrkhx6Trti_jWot01YDi4wawHZ8PaFW3ETU7sYcBTN0dljrXY_r76TT4V09zhberawKw598S9i_n7J88D5NnijMoSevoFQv9f4abrks-Tz6FQdAiySXCjumXFXICYM_-b2l3SsROKQgFjDCyCnyP4dSKOXFHMIMZsNS6VntYfFKESKbpGMW-PduRr3JiQVF7BRQa9h5WsjguF2LiAEUXSdZRZj79ucQ4psA7F5vGKhQ_-5rr9WNVnL21CjA4A3EStbq5s0xK20npA1ilowUcy_xflG3JvUJp3gQAHP-SJC9SBnHNHm5ogdlTAMdmUy9PtZW2Im0Zwm3V3eJOb-d8PqrcoXbkKScgYu381hCeyRsQkHkdQflHQ81ZrcmJNwQWGB77HkSjbR9EV5AoPUBaGJS-S0ifMEN_pJtQFN89bxWLi6yGP
IP 157.90.88.167:0
ASN #24940 Hetzner Online GmbH
Hash a704777bf4fda6f2877495e685026c10
cba31c94ce6a16adda94aba4c78e16873dc1c324
9e157dc626c780e29fa3d8d069c584ac52d307c9d4f1a7fc1afeae3db55dec83
GET /click?a=Csxn&e=gAAAAABjkAM_mNiRd39s1esRON2ZSv0ygVv-qPCeYLYh9xAAhdTH4uOKo7jueFAXu3X79YDo4orASARLJ81In7ONYGH0oeXA56ew90xmSTSphFQlbbwm07Ygii_NgkovJS3Jjet0dWxS4b5IirtzyjG8MdN1S7ZWWzuOk_tKYUS2x1AIrhPsMUhVDOcR_vhkz4nLZUApIiFTPdhOLdNQXvIoGL5br4N4UpYV14-JEU_E0YhWRBhmm5naFwyPb9nojtiXRYCYiwRWGcBKJtMcUxUxkk0D-VnywMFt3UIy8OBxVMHDbLb9HLDuMTyQ5ExZg-a6-nB7PzC2a0F3B1bgnLdyLNaVFuf0a903fHVRsLpEffbDPh1dAHABtSMT2CcVIgTuHY3SqETluOn8W7WFtyQdXHmfzvtNVn6V-8MJnf_ZHYijiuJ7oXI7ZdpONuKoMP-Nk9MEV8PyR0JnAC6MfoLsY01DLI7hmk16ZdyatVqsDixDlIRCHKQuE5UnsxsTLO3LpCBd2tw6IBYCqMwFJrviKSbMNH00v4U09OAtox30Z1cNbJtfHB9xJQDfdiQBFps609_syaQUnnsXcY5RItsht9WLM4MRRc0XuHRHKwinjM-313sfAq42XbrMtPN21flFdHvXXz8XE-G4fk9LuU7z8FMwW34UNIHL4sXN2d0FouhESTlGHWJ8pdgSz9I91QZq7Q5fZpTpssO1iSfXe_EWYoRYZfrh_CI_KWDfcYeDtX91VPf7xCD6i4nUkbf6wnrB7qqmrR8ZjgXyx0XSRpzxDs1JetXzeYGQ8Mqaq8eT895XKWlUQnHrtm2uf0f1zEjBw-zWl8t9hDtAnHSZzWDAIoOwV6znuTqVomUGvI309DQQXsdqhG3CyJEac4GJpDUlK-fmQfVw-oENpZ_wvYtFtZNdLubWiWbxaG2_iU3ZipksGyhfZRJVshZGbt9rJc20HiFwnWnCPH_dWIhimWJGPC133nFyta25VlFz_rwysip3kKSP7JwnP73LOs7xz7U_wt5_kIsIOhH4gk5FgH0SrN_FEp49kAdPHI-p1KF9_SbAPel688RDS0QXb3WrP6COroKmYuMEFfp0BBY8cMGlWc7tGLSVQb6YLuXWG99qBmGXJu6b9CWUQz2MG-PmGAqjOGSlxGI4JyOSBz5Wz8mIR75WZOaLatFer_UJIpcs28w7_KeoZoVUz495WN_cL0C52MnFzo1-urax_FC5ajvVK4uvpCP7XAOGwR2avfNCNpdWcioFLgfUTbsKAajMMMVv3MP0s-Wj-IBxfNwhpIv9qOeFojFL0vEOAZao5ACAKp_LYH6uAjpAEfUbdnw0-G-8A4lNNpSw9V7Ck66PO7sMOk3oCFD1z3lJdFYnr6CQv11WTXYwoBrBQE89qHXgZklfNmxd9WYXtEUcuiRDrsMM3OAFeSJh3V0FWpVboGpJtGxKYiTKYGKg5h1gmOU523fLkeuvG4pivnM4a_dQrS_TAb3p19W6cLmiAFPc3MwkGD3mY8wAhPyZplahWTNUTthzhNWGTlQJNqO2Tc6a1HJII3oPKNlj-9W0JiymSTgl5Z3ka1fz1OGxR21_xI75PPc_hqXrPAamH-PklKmxdQ2lqEQf00Uk2EPqw7EDj3bCLWHolPTOjuhHbRy5yxWTfGYSsXZXr0uLCSRDkuaARVrdE0FG_1qzFz8S1Zcgo463Y4cQPrPQ2vFgb4DatejrCUcpjvcfLhXmx7iiykkVOydBz0pmp2U1djSQ8khl70hjXXVZdyLlLkncvRi3yH_uyTq4nK4UFhGj_8l_kagZ2YVHSZbFbh9E360FUS5NQs5uyfghEG0LjwMZuKKtl-4dogPBTYpHH1X7jaUSlkTUIU_0-1eqrkhx6Trti_jWot01YDi4wawHZ8PaFW3ETU7sYcBTN0dljrXY_r76TT4V09zhberawKw598S9i_n7J88D5NnijMoSevoFQv9f4abrks-Tz6FQdAiySXCjumXFXICYM_-b2l3SsROKQgFjDCyCnyP4dSKOXFHMIMZsNS6VntYfFKESKbpGMW-PduRr3JiQVF7BRQa9h5WsjguF2LiAEUXSdZRZj79ucQ4psA7F5vGKhQ_-5rr9WNVnL21CjA4A3EStbq5s0xK20npA1ilowUcy_xflG3JvUJp3gQAHP-SJC9SBnHNHm5ogdlTAMdmUy9PtZW2Im0Zwm3V3eJOb-d8PqrcoXbkKScgYu381hCeyRsQkHkdQflHQ81ZrcmJNwQWGB77HkSjbR9EV5AoPUBaGJS-S0ifMEN_pJtQFN89bxWLi6yGP HTTP/1.1
Host: fancycrab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.1
date: Wed, 07 Dec 2022 03:06:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm
95.211.229.247200 OK 1.1 kB URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1497)
Hash 28248f74797861cc0727c1c93e00724e
e4afb106ad86ba92217ade928606a240e9efcb5b
55c5e5d185bf319bc85973afb5672390327ab56b0e332b24d8a0b96fe45335ab
GET /cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226390033f7c8fa7.365817831480323109%22%3B%7D; expires=Fri, 06 Dec 2024 03:06:39 GMT; path=; domain=.optnx.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s.optnx.com/cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.optnx.com/cimp.php?data=TVRZM01ETTRNak01T0h4bU9UUmtZVEppTVdaak5HRXpOVFJpWTJJNE9XVXlaams1TlRGa01tRTRPUS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD02YzZhNDc1ZS0zYzUyLTQ5MWQtYTAxZS1mNzZiODE2MmFkN2EmdHM9MTY3MDM4MjM5OCZ6PTQzMTMxODgmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5MTk2MTZ8NDMxOTUyNnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHw1MTYxMjB8NzcuMTc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHxLQ1FZYm5EeGRabmFValhXNXlFckVofDE5ZTBhM2QzZTk1NGY4OTEwZGRkN2QyMGIxMWM5NWVlfDF8MHxwcy5wb3BjYXNoLm5ldHwwfDB8MHwwLjAzfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDJ8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfGQzMzViNmI1OTRiYWExNTgxOTNhOGMxMTk5ZWJhOGVm
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226390033f7c8fa7.365817831480323109%22%3B%7D
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226390033f7c8fa7.365817831480323109%22%3B%7D; expires=Fri, 06 Dec 2024 03:06:39 GMT; path=; domain=.optnx.com;
Location: http://eu.dspsuper.com/api/submit_form_request?p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&ts=1670382398&z=4313188&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
X-Robots-Tag: noindex, follow
eu.dspsuper.com/api/submit_form_request?p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&ts=1670382398&z=4313188&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
139.45.195.207200 OK 5.6 kB URL HTTP/1.1 eu.dspsuper.com/api/submit_form_request?p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&ts=1670382398&z=4313188&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
IP 139.45.195.207:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4632)
Hash f355b3cf236738f08036e5463d7debb3
7157f024a1dd0f46e2779c08aec6665a8ad0e731
adc83c27ad411fbe58110f644031a913b29e43083ffc66bad5c16a1d34218668
Analyzer Verdict Alert quad9 Sinkholed
GET /api/submit_form_request?p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&ts=1670382398&z=4313188&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0- HTTP/1.1
Host: eu.dspsuper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://s.optnx.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
eu.dspsuper.com/api/win_request?ad_scheme=1&p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3D6c6a475e-3c52-491d-a01e-f76b8162ad7a%26ts%3D1670382398%26z%3D4313188%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100
139.45.195.207301 Moved Permanently 175 B URL HTTP/1.1 eu.dspsuper.com/api/win_request?ad_scheme=1&p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3D6c6a475e-3c52-491d-a01e-f76b8162ad7a%26ts%3D1670382398%26z%3D4313188%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100
IP 139.45.195.207:0
File type HTML document, ASCII text
Hash 066fc702f2a20c77c986a3a455663957
9658cba9bc3746a8df85031952df7972923cc20c
bdbed577b96d437c19ba58a05190329d83da5e9de3a7170b378df78622ac6613
Analyzer Verdict Alert quad9 Sinkholed
GET /api/win_request?ad_scheme=1&p=6c6a475e-3c52-491d-a01e-f76b8162ad7a&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3D6c6a475e-3c52-491d-a01e-f76b8162ad7a%26ts%3D1670382398%26z%3D4313188%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100 HTTP/1.1
Host: eu.dspsuper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4313188&feedId=746
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Location: https://eu.can-get-so.me/pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=624191631125913601&subid1=4313188&cost=0.002450
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
eu.dspsuper.com/favicon.ico
139.45.195.207404 Not Found 19 B URL HTTP/1.1 eu.dspsuper.com/favicon.ico
IP 139.45.195.207:0
Hash 595e88012a6521aae3e12cbebe76eb9e
da3968197e7bf67aa45a77515b52ba2710c5fc34
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: eu.dspsuper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4313188&feedId=746
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 07 Dec 2022 03:06:39 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ad994ec46ab10534d63cbfd30344c146
03164711a85ee923335f6b61522a227a93897a19
b8a763ddb57f4859d66dc05dec1a21e2e30c9f4d51aa76557de752686c1d4e18
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8A763DDB57F4859D66DC05DEC1A21E2E30C9F4D51AA76557DE752686C1D4E18"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17348
Expires: Wed, 07 Dec 2022 07:55:47 GMT
Date: Wed, 07 Dec 2022 03:06:39 GMT
Connection: keep-alive
eu.can-get-so.me/pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=624191631125913601&subid1=4313188&cost=0.002450
157.90.33.73302 Found 0 B URL HTTP/2 eu.can-get-so.me/pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=624191631125913601&subid1=4313188&cost=0.002450
IP 157.90.33.73:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=624191631125913601&subid1=4313188&cost=0.002450 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://eu.dspsuper.com/
Connection: keep-alive
Cookie: rauid=N40QHU96Q0OLj9gj2HeohA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 07 Dec 2022 03:06:40 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=714240
set-cookie: rauid=N40QHU96Q0OLj9gj2HeohA; expires=Thu, 07 Dec 2023 03:06:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
adserving.unibet.com/redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=714240
23.36.79.11307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=714240
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=714240 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 07 Dec 2022 03:06:40 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 07 Dec 2022 03:06:40 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 07-Dec-3021 03:06:40 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=25, origin; dur=43
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01iqju1es5qndszot2bhss1nu5; uniattr=ST.0.T; uniattr_ref=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 03:06:40 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86804722-37950
set-cookie: JSESSIONID=node01tjsd093ue8ps1izh7wuzb51rd3924268.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01iqju1es5qndszot2bhss1nu5; Path=/; Domain=.unibet.nu; Expires=Fri, 06-Dec-2024 03:06:40 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 06-Dec-2024 03:06:40 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Fri, 06-Dec-2024 03:06:40 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669583_B97DD4A849B942168C76D17EBD6892AD; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=86804722; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669583_B97DD4A849B942168C76D17EBD6892AD%26sref%3DRLA%26RLA%3D714240%26affiliateId%3D1%26pid%3D86804722%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 07 Dec 2022 03:06:40 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86804722-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86804722-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&sref=RLA&RLA=714240&affiliateId=1&pid=86804722&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86804722-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01iqju1es5qndszot2bhss1nu5; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669583_B97DD4A849B942168C76D17EBD6892AD; BID=37950; PID=86804722; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669583_B97DD4A849B942168C76D17EBD6892AD%26sref%3DRLA%26RLA%3D714240%26affiliateId%3D1%26pid%3D86804722%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 03:06:40 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 07 Dec 2022 03:06:40 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9483dca1790d0c6650789d7e00809d1b
fdee4da9109d08173bf57c40f68c8a955b6d4e89
3e355df7a5f896d06c387e1ff648760258243246303bb4bb6d3234762639ac62
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E355DF7A5F896D06C387E1FF648760258243246303BB4BB6D3234762639AC62"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14273
Expires: Wed, 07 Dec 2022 07:04:33 GMT
Date: Wed, 07 Dec 2022 03:06:40 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188200 OK 2.5 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
Hash aa267687f26341663d4087e086300ea6
c773d4599e0fddfb8dbef3030d02403e43160a5e
f639aebb34102dff02ca219082ab1b4e62c40636cde74c30d75bab230c8ca3fd
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153517
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf54e7cb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
216.58.211.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 216.58.211.10:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:09:22 GMT
expires: Wed, 06 Dec 2023 11:09:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 57438
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ca0163b98fe08400ca256eab5d2c4aa6
9f98a05573d6618a68e19da6f9b323bff4383193
49dc62f616be2b0f8db1221efc5885d66e53c5d96633d4fffb9f98a153bc40c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5697
Cache-Control: max-age=124513
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:40 GMT
Etag: "638f3060-117"
Expires: Thu, 08 Dec 2022 13:41:53 GMT
Last-Modified: Tue, 06 Dec 2022 12:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.74200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.74:0
Hash 2823a5cef0a61f36ac5b77a439d68154
b194bf61eec0962172e73e3892d3b5ebe46e1f00
332bb97bb3d5d2f442edeb0ed39a79fbdaea9c01f195b66d80597b76f4e1e3c3
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 03:06:40 GMT
date: Wed, 07 Dec 2022 03:06:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ca0163b98fe08400ca256eab5d2c4aa6
9f98a05573d6618a68e19da6f9b323bff4383193
49dc62f616be2b0f8db1221efc5885d66e53c5d96633d4fffb9f98a153bc40c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5698
Cache-Control: max-age=124513
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Etag: "638f3060-117"
Expires: Thu, 08 Dec 2022 13:41:54 GMT
Last-Modified: Tue, 06 Dec 2022 12:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.25.188200 OK 98 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.25.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: image/jpeg
content-length: 98453
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
etag: "0x8DACBBCB1BBD29B"
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0b1c71c4-b01e-0049-7003-0350e9000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 153518
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf65f15b50c-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188200 OK 13 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 09568b2f4fd2e446e388a63dc5210b3b
83085ebe23e947736e0c95a1de8bd09e1f8db4fa
a4bb0edc3d613c07053c4c3cd3ae0d57028a3db69470d65313e755cd3eab01da
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e84b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8aa9320315b7fc787bfd0fd1baea8721
45328506883b22acc927b8038b73e5247b0a1679
c5827834b5ce1e49980b439410b06fca062d877abd8ca89719b589a2fe28b4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 74 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash dc6ea5a1e83a96af636f59c6bc255224
52a9e70a48376d062d8f6468e0fa2cd748299d1a
713e72e22016ec4352c465ec1a51f59f3964f07b5ef1715e3528edf46f1d0049
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: application/xml
x-ms-request-id: 2115ab29-a01e-0027-11e8-0905c6000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 205
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf65f0fb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15200 OK 28 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash a0e4adabb4e5f93041861f6c21eee3ec
670994f18ca693734ac8505a40aceb143c776703
5add31977b86287c1b2c428478983141fa0b2f5e63093d140d66c6684e06f3d0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: text/css
x-amz-id-2: Naym7hPmP6C6hux6VLJAAre0tbecqXaiQpMJaYu3vDn0x1vPpC32gtoDJkl7kXKmPPFbhKi1q5U=
x-amz-request-id: MZGFJRB14SZWS1MV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 914057
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFT5GbTqORJlG6z57TkUT9BCABV4%2BWvIo%2BLUWqf9DkYbzxWVT%2Fj89aCZ99y9rD4XJc5%2Fu4DCSRl%2FCg7zaL2lIqZy27IM5C%2Bi6KLAYdrz%2FIfCtxg%2FqesU3YG%2F1El9AduxAGCr7l0o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775a0bf5fa980089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 545546
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188200 OK 17 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash b926b2ba1e14f0d2814df7aa66f94a61
b1951604e063a4faa9fdcd6ae0ba8c6354cb16c9
5d4b9f264d4f554645ce69bb1a6cab6d9ef0152bb28460eaaafbc41295827cf9
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153563
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf54e80b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9de77d68b1bd3571436cfb3e72ec277b
f5f51a1f5e7aa871038a825480449899b160540e
092eb432dc0a8e91d08e2fd6c88207d06e9816c311b4135552ca127869814210
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2162
Cache-Control: max-age=113752
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Etag: "638f1427-117"
Expires: Thu, 08 Dec 2022 10:42:33 GMT
Last-Modified: Tue, 06 Dec 2022 10:06:31 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.148.8200 OK 1.8 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Hash 99ebb4bb79b06a612e34b8a99d4dcdef
bb5ede4c649df5a5ddd5ec81b7d0a2385f233917
b4be02c931b30bca88d7188f1b108b9eca292974998a09b5ee1648d524cf40e3
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: application/json
content-length: 1770
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Tue, 06 Dec 2022 23:13:41 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 13980
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf78d1eb505-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188200 OK 4.3 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 93ed5d508458e9bda5e59a38eddaf9dc
38391b2915d80d23c8a9bc9fcc33b9a86b35b01e
5a6402aed569795b359a7c6c656f195a2c798b222f906ad6449e5330289683a4
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf54e81b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.210.90200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.210.90:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 07 Dec 2022 03:06:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 9c65be9a-6aae-41f0-b46a-50665116e7fd
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hb[lX_q6N6f94$?ET#)N[UD!!%gc$CYx.; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 07-Mar-2023 03:06:41 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
104.19.148.8200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP 104.19.148.8:0
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 985306
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf83d5db505-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7055ce70d7ede0ef667afe357848fd69
5959653114063d49266f21b4cd0f71ed4d5426a3
6c2cd6ac74d1bffefcf4ce13d2c83ee13a3295404d689026c7a0067babc671c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5917
Cache-Control: max-age=103131
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Etag: "638edbff-1d7"
Expires: Thu, 08 Dec 2022 07:45:32 GMT
Last-Modified: Tue, 06 Dec 2022 06:06:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&d_mid=68707863661055963481414953512595851801&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670382401117
34.248.130.67200 OK 499 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&d_mid=68707863661055963481414953512595851801&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670382401117
IP 34.248.130.67:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 2ee5f9486d1085609252985684fc13fb
6c9f75680d3e6db3a568dcbb28c61854796c1e88
56e6d808c38b14562ff36e31e3a45ca235730f4aac04c1449531b36ca01ec6e4
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&d_mid=68707863661055963481414953512595851801&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670382401117 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=84080151032508744851442377701751726090; Max-Age=15552000; Expires=Mon, 05 Jun 2023 03:06:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: faq03b7VR5w=
Content-Length: 499
Connection: keep-alive
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463995
104.19.148.8200 OK 144 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463995
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9105d06403e39c8b82d16cde3bb3cd96
f2d8d282c4b92a72cac3650b6ea591b6271e49c5
7761f918f35356ee3855701d572b6c0d2cf4ad4e374ed891be0df8b47e3e4b21
GET /pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463995 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: application/json
content-length: 144
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Tue, 06 Dec 2022 23:13:41 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 13980
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf9ddecb505-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 38c3745333a01ac20f474091e5616378
28aa5cad82c20fbae377698bee1e7474afd36bcb
4d566b9ca5a5ce62e86f5baff8e2a5ea38114e981df63c58e413d31de71cd30b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4758
Cache-Control: max-age=107384
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 03:06:41 GMT
Etag: "638ef123-1d7"
Expires: Thu, 08 Dec 2022 08:56:25 GMT
Last-Modified: Tue, 06 Dec 2022 07:37:07 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
unibet.demdex.net/dest5.html?d_nsid=0
34.243.172.78200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.243.172.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 7 Dec 2022 03:06:41 GMT
DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: aim0xVA2Rj8=
transfer-encoding: chunked
Connection: keep-alive
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.173.188200 OK 556 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.173.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1053), with no line terminators
Hash 996c52ae16386a4ad599629c58dd00b4
69d5bfdcc1cfc342686e88e3ac4177082ecd7de3
28d564fbb89141284d5592d179b13b73aa0807c7bfdf37f7cfcde526a5d34c5e
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 302
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf91aff0b39-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e83b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e89b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB155306D"
x-ms-request-id: ef96856b-501e-0041-3303-034ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153517
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf72f58b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?463995
104.19.148.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?463995
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js?463995 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 06 Dec 2022 23:13:41 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 13980
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf78d1cb505-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 0 B URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Wed, 07 Dec 2022 03:06:40 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf53e73b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/xml
x-ms-request-id: 2115ab29-a01e-0027-11e8-0905c6000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 204
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e88b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
49.12.133.80302 Found 0 B URL HTTP/2 adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP 49.12.133.80:0
ASN #24940 Hetzner Online GmbH
GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 07 Dec 2022 03:06:39 GMT
content-type: text/html; charset=utf-8
location: https://fancycrab.net/click?a=Csxn&e=gAAAAABjkAM_mNiRd39s1esRON2ZSv0ygVv-qPCeYLYh9xAAhdTH4uOKo7jueFAXu3X79YDo4orASARLJ81In7ONYGH0oeXA56ew90xmSTSphFQlbbwm07Ygii_NgkovJS3Jjet0dWxS4b5IirtzyjG8MdN1S7ZWWzuOk_tKYUS2x1AIrhPsMUhVDOcR_vhkz4nLZUApIiFTPdhOLdNQXvIoGL5br4N4UpYV14-JEU_E0YhWRBhmm5naFwyPb9nojtiXRYCYiwRWGcBKJtMcUxUxkk0D-VnywMFt3UIy8OBxVMHDbLb9HLDuMTyQ5ExZg-a6-nB7PzC2a0F3B1bgnLdyLNaVFuf0a903fHVRsLpEffbDPh1dAHABtSMT2CcVIgTuHY3SqETluOn8W7WFtyQdXHmfzvtNVn6V-8MJnf_ZHYijiuJ7oXI7ZdpONuKoMP-Nk9MEV8PyR0JnAC6MfoLsY01DLI7hmk16ZdyatVqsDixDlIRCHKQuE5UnsxsTLO3LpCBd2tw6IBYCqMwFJrviKSbMNH00v4U09OAtox30Z1cNbJtfHB9xJQDfdiQBFps609_syaQUnnsXcY5RItsht9WLM4MRRc0XuHRHKwinjM-313sfAq42XbrMtPN21flFdHvXXz8XE-G4fk9LuU7z8FMwW34UNIHL4sXN2d0FouhESTlGHWJ8pdgSz9I91QZq7Q5fZpTpssO1iSfXe_EWYoRYZfrh_CI_KWDfcYeDtX91VPf7xCD6i4nUkbf6wnrB7qqmrR8ZjgXyx0XSRpzxDs1JetXzeYGQ8Mqaq8eT895XKWlUQnHrtm2uf0f1zEjBw-zWl8t9hDtAnHSZzWDAIoOwV6znuTqVomUGvI309DQQXsdqhG3CyJEac4GJpDUlK-fmQfVw-oENpZ_wvYtFtZNdLubWiWbxaG2_iU3ZipksGyhfZRJVshZGbt9rJc20HiFwnWnCPH_dWIhimWJGPC133nFyta25VlFz_rwysip3kKSP7JwnP73LOs7xz7U_wt5_kIsIOhH4gk5FgH0SrN_FEp49kAdPHI-p1KF9_SbAPel688RDS0QXb3WrP6COroKmYuMEFfp0BBY8cMGlWc7tGLSVQb6YLuXWG99qBmGXJu6b9CWUQz2MG-PmGAqjOGSlxGI4JyOSBz5Wz8mIR75WZOaLatFer_UJIpcs28w7_KeoZoVUz495WN_cL0C52MnFzo1-urax_FC5ajvVK4uvpCP7XAOGwR2avfNCNpdWcioFLgfUTbsKAajMMMVv3MP0s-Wj-IBxfNwhpIv9qOeFojFL0vEOAZao5ACAKp_LYH6uAjpAEfUbdnw0-G-8A4lNNpSw9V7Ck66PO7sMOk3oCFD1z3lJdFYnr6CQv11WTXYwoBrBQE89qHXgZklfNmxd9WYXtEUcuiRDrsMM3OAFeSJh3V0FWpVboGpJtGxKYiTKYGKg5h1gmOU523fLkeuvG4pivnM4a_dQrS_TAb3p19W6cLmiAFPc3MwkGD3mY8wAhPyZplahWTNUTthzhNWGTlQJNqO2Tc6a1HJII3oPKNlj-9W0JiymSTgl5Z3ka1fz1OGxR21_xI75PPc_hqXrPAamH-PklKmxdQ2lqEQf00Uk2EPqw7EDj3bCLWHolPTOjuhHbRy5yxWTfGYSsXZXr0uLCSRDkuaARVrdE0FG_1qzFz8S1Zcgo463Y4cQPrPQ2vFgb4DatejrCUcpjvcfLhXmx7iiykkVOydBz0pmp2U1djSQ8khl70hjXXVZdyLlLkncvRi3yH_uyTq4nK4UFhGj_8l_kagZ2YVHSZbFbh9E360FUS5NQs5uyfghEG0LjwMZuKKtl-4dogPBTYpHH1X7jaUSlkTUIU_0-1eqrkhx6Trti_jWot01YDi4wawHZ8PaFW3ETU7sYcBTN0dljrXY_r76TT4V09zhberawKw598S9i_n7J88D5NnijMoSevoFQv9f4abrks-Tz6FQdAiySXCjumXFXICYM_-b2l3SsROKQgFjDCyCnyP4dSKOXFHMIMZsNS6VntYfFKESKbpGMW-PduRr3JiQVF7BRQa9h5WsjguF2LiAEUXSdZRZj79ucQ4psA7F5vGKhQ_-5rr9WNVnL21CjA4A3EStbq5s0xK20npA1ilowUcy_xflG3JvUJp3gQAHP-SJC9SBnHNHm5ogdlTAMdmUy9PtZW2Im0Zwm3V3eJOb-d8PqrcoXbkKScgYu381hCeyRsQkHkdQflHQ81ZrcmJNwQWGB77HkSjbR9EV5AoPUBaGJS-S0ifMEN_pJtQFN89bxWLi6yGP
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf53e78b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf54e7ab50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e85b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e87b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf54e82b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 06 Dec 2022 23:13:41 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 13980
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf75d0bb505-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.173.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.173.188:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 302
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf91b020b39-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: f16842f5-e01e-006b-66e8-0995f6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf32d57b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.173.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.173.188:0
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:41 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 243
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf92b060b39-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86804722-37950&btag=320669583_B97DD4A849B942168C76D17EBD6892AD&bid=37950&campaignId=2799402&pid=86804722
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86173560%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670381447111)%5c%2f%22%2c%22CookieTag%22%3a%223795086173560451240919C2022127250%22%7d%2c%7b%22PID%22%3a86804722%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670382400252)%5c%2f%22%2c%22CookieTag%22%3a%223795086804722451240919C202212736%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228530498544%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19334%7CMCMID%7C68707863661055963481414953512595851801%7CMCAAMLH-1670986248%7C6%7CMCAAMB-1670986248%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670388648s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19341%7CvVersion%7C4.4.0; campaignId=2799402; _ce.s=v~713a04940453f6e23258f8017d842f698ff481d5~vpv~0~v11.rlc~1670381448690
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 03:06:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 153564
vary: Accept-Encoding
server: cloudflare
cf-ray: 775a0bf55e86b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2