redir.blowingwind.xyz/feed/click/?t1=128&tid=22&uid=15&subid=22.22.930_2dc64c4a.us.&id=98776a5f8cec2412358618bd1d73755f:274b4cfdc392fbcc2cc27d4b6111f20839927e405d007fc5b8df7b26f42ab9eda485a7533e984151b20ca850efadb936d58f0620b3a1efb97150d50c9c8364ad62235fc4464559f8aa1165015c4b72fc380253047976e14f0ec41f51a029d6c395711a5bf5ba7b5bf45c7b91afe1f837bc0ac41acf294b11e1d32fe8798236e5fb23ff51863988d37bea56dd144e2bc1d15352fa1fbb65d5744f6055a439123db924ea43017f1e75ed901080b3085f6a32aa24bddc1db77c75a09995dfd92ef269c111f64cf220c9d7c24a06ec2a3ba2d3ac2a3313c22e52707aa6ffc394c8718f5ef705e9227afa19f191dd8c9e6a8940de0ae8d9277c806b7771223f7f2eff055d68d80a9a85d3f2c6a90572f8fc9ed2ebd96712e6aec271823e907182a4c605fff45d363a303c8f417a7ee8e68fa32e3c268871cb46b15208b167d45d648f&s1=63b922dd762e9a655d513e8c
302 Found 288 B URL HTTP/1.1 redir.blowingwind.xyz/feed/click/?t1=128&tid=22&uid=15&subid=22.22.930_2dc64c4a.us.&id=98776a5f8cec2412358618bd1d73755f:274b4cfdc392fbcc2cc27d4b6111f20839927e405d007fc5b8df7b26f42ab9eda485a7533e984151b20ca850efadb936d58f0620b3a1efb97150d50c9c8364ad62235fc4464559f8aa1165015c4b72fc380253047976e14f0ec41f51a029d6c395711a5bf5ba7b5bf45c7b91afe1f837bc0ac41acf294b11e1d32fe8798236e5fb23ff51863988d37bea56dd144e2bc1d15352fa1fbb65d5744f6055a439123db924ea43017f1e75ed901080b3085f6a32aa24bddc1db77c75a09995dfd92ef269c111f64cf220c9d7c24a06ec2a3ba2d3ac2a3313c22e52707aa6ffc394c8718f5ef705e9227afa19f191dd8c9e6a8940de0ae8d9277c806b7771223f7f2eff055d68d80a9a85d3f2c6a90572f8fc9ed2ebd96712e6aec271823e907182a4c605fff45d363a303c8f417a7ee8e68fa32e3c268871cb46b15208b167d45d648f&s1=63b922dd762e9a655d513e8c
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 134f0340f37aadc389918996d4160e07
95165d69f089be44c0bfbdceda3ba2e2666d8fa3
742c937a26284bc06721d4c93164bb555e9bfa1a2628faa606d678f579a9399f
GET /feed/click/?t1=128&tid=22&uid=15&subid=22.22.930_2dc64c4a.us.&id=98776a5f8cec2412358618bd1d73755f:274b4cfdc392fbcc2cc27d4b6111f20839927e405d007fc5b8df7b26f42ab9eda485a7533e984151b20ca850efadb936d58f0620b3a1efb97150d50c9c8364ad62235fc4464559f8aa1165015c4b72fc380253047976e14f0ec41f51a029d6c395711a5bf5ba7b5bf45c7b91afe1f837bc0ac41acf294b11e1d32fe8798236e5fb23ff51863988d37bea56dd144e2bc1d15352fa1fbb65d5744f6055a439123db924ea43017f1e75ed901080b3085f6a32aa24bddc1db77c75a09995dfd92ef269c111f64cf220c9d7c24a06ec2a3ba2d3ac2a3313c22e52707aa6ffc394c8718f5ef705e9227afa19f191dd8c9e6a8940de0ae8d9277c806b7771223f7f2eff055d68d80a9a85d3f2c6a90572f8fc9ed2ebd96712e6aec271823e907182a4c605fff45d363a303c8f417a7ee8e68fa32e3c268871cb46b15208b167d45d648f&s1=63b922dd762e9a655d513e8c HTTP/1.1
Host: redir.blowingwind.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.22.22.930_2dc64c4a.us.&s3=22
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 288
Date: Sat, 07 Jan 2023 07:44:46 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17550
Expires: Sat, 07 Jan 2023 12:37:16 GMT
Date: Sat, 07 Jan 2023 07:44:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e4bdd77c0369662aa71ce2d01fd3edab
0ab1c5857e200e7e7946424c2c844537bfbb9775
a163c19fcc8fcf985e8df6ad4bd7ce73912b3df892d8236c70f9bc80820b26da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A163C19FCC8FCF985E8DF6AD4BD7CE73912B3DF892D8236C70F9BC80820B26DA"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7922
Expires: Sat, 07 Jan 2023 09:56:48 GMT
Date: Sat, 07 Jan 2023 07:44:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 600f7ba6e1a6fbbd176cd2df19b1e4d9
cdd72b25fd91ee980aba193b12e890096e4fe852
860214860947dfbe26099f018747154823b175fceb2821a390cc655da191a6d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "860214860947DFBE26099F018747154823B175FCEB2821A390CC655DA191A6D0"
Last-Modified: Thu, 05 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18822
Expires: Sat, 07 Jan 2023 12:58:28 GMT
Date: Sat, 07 Jan 2023 07:44:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 07 Jan 2023 06:48:06 GMT
content-type: application/json
age: 3400
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4jeGl8jVTQCuifoITk/SmUKmjQy1Vy4bysvBXgav4N9GU1gasHxEKfyLwdFVMOAovzd1egJ5MqY=
x-amz-request-id: W5F1DGBJJ69BHZH7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 07 Jan 2023 07:00:19 GMT
age: 2667
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 07 Jan 2023 07:44:47 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bb1784f7111d5358d3cd4771a1d897e6
3f42d7288f6de0578e32062652924a2e11b2fa21
0ae54e4d17254684d78266ca786a23785d04f10a9fa0b4a4ebef873a32689965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AE54E4D17254684D78266CA786A23785D04F10A9FA0B4A4EBEF873A32689965"
Last-Modified: Fri, 06 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14386
Expires: Sat, 07 Jan 2023 11:44:33 GMT
Date: Sat, 07 Jan 2023 07:44:47 GMT
Connection: keep-alive
t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.22.22.930_2dc64c4a.us.&s3=22
302 Found 0 B URL HTTP/1.1 t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.22.22.930_2dc64c4a.us.&s3=22
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.22.22.930_2dc64c4a.us.&s3=22 HTTP/1.1
Host: t2.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 07 Jan 2023 07:44:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: 2er
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 07 Jan 2023 07:33:40 GMT
age: 667
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55621f9ac09492cb46c5c868c9d94e53
edd1e0a2544c5cf2d0fe1e58f639903d210bcea3
c9bfbc6a5727a9243d4200cd4f02d29b34816b56d28eef4972302cd14246b0e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9BFBC6A5727A9243D4200CD4F02D29B34816B56D28EEF4972302CD14246B0E9"
Last-Modified: Fri, 06 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9322
Expires: Sat, 07 Jan 2023 10:20:09 GMT
Date: Sat, 07 Jan 2023 07:44:47 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.
200 OK 505 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (559)
Hash bebec00b475cb3a2db6117e11385d743
58230a09d3270cb24da7d8e106b3ea34ff072b5d
e43039c44d9cffebb3e0cdc56f5417b24445b50a7d41854a6904fee54f5938fb
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us. HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 07:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63b922ef57bd86463a2103d9; expires=Tue, 10-Jan-2023 07:44:47 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.&bv=1
302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.&bv=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.
Cookie: bt-603611c5b7eaf46891533240=63b922ef57bd86463a2103d9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 07 Jan 2023 07:44:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
ocsp.digicert.com/
200 OK 471 B IP
Hash 43c8442b7447debab97b0f6bc973e23a
38a5f1869cff7f6ddbfd3a24e57a3da7851ba3b0
4eb7adc914570287dde1317395d1d95b07271c8fe20b97a8928025c292c47dba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1844
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:47 GMT
Last-Modified: Sat, 07 Jan 2023 07:14:03 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 280 B IP
Hash 5528782ea26a9b277e14c73f72518f4a
402899a56940f54baec10b43dee7be946cf118a9
06ec9907d64f1b092afa251a8e3c499beaf8bba33188132429cdf4d89edb9c4e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3404
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:47 GMT
Etag: "63b7c724-118"
Last-Modified: Sat, 07 Jan 2023 06:48:03 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
ron.trffclb.com/favicon.ico
200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.22.22.930_2dc64c4a.us.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 07:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 280 B IP
Hash 5528782ea26a9b277e14c73f72518f4a
402899a56940f54baec10b43dee7be946cf118a9
06ec9907d64f1b092afa251a8e3c499beaf8bba33188132429cdf4d89edb9c4e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4595
Cache-Control: max-age=88360
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:47 GMT
Etag: "63b7c724-118"
Expires: Sun, 08 Jan 2023 08:17:27 GMT
Last-Modified: Fri, 06 Jan 2023 07:00:52 GMT
Server: ECS (amb/6BBA)
X-Cache: HIT
Content-Length: 280
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DXV/3ix4DHNSWRxEl4M+GQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PAut+8SvJsegYOyVO82JGbxEC/I=
popcash.net/world/go/142/26196/
301 Moved Permanently 162 B URL HTTP/1.1 popcash.net/world/go/142/26196/
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/142/26196/ HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 07 Jan 2023 07:44:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://ps.popcash.net/go/142/26196/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOkslRrgTtkc6brsxOoMvXZ4Dstjkm5TsM4q1obbt2pVQ2TF8rrtgd6zKxI0a8RKf3tr1emWTPFLhBbHX0rtwFt2XrStnzOzYEw6Qu2MA%2FrTie3g46nip38Ke%2FIS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 785b11fc4b3fb51e-OSL
alt-svc: h2=":443"; ma=60
popmyads.com/gget
302 Found 269 B IP
File type gzip compressed data, from Unix\012- data
Hash 0f9af861b9dfdd8338f90ba90b011bad
ed2576af6426231181b5c6df93657f1885cb72e8
5f8a6b32fe9848d66cad9b3a67df178d8a2ebb25290ae87213ab139dab4a5cb7
POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 517
Origin: https://popmyads.com
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Sat, 07 Jan 2023 07:44:48 GMT
content-type: text/html; charset=UTF-8
location: http://popcash.net/world/go/142/26196/
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Sat, 07-Jan-2023 07:44:49 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZpXbFs4cmtHosys99G6RFwbt3HLyoTrlgsj%2BgU179nwXDwcXG2S3KGcIs4tU%2B8jVJeq7ITmQiBbA0cP%2BRv6r2jc2n5bN%2FUAOj3XmnuI3ADCtTUBBiXghX%2BaAgwS9DA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 785b11fbad95b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ps.popcash.net/ad/ad?p=142&w=26196&t=571ca5365b08c15e&r=&vw=1280&vh=0
303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=142&w=26196&t=571ca5365b08c15e&r=&vw=1280&vh=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=142&w=26196&t=571ca5365b08c15e&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sat, 07 Jan 2023 07:44:48 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 1e0c985749757446fcdd0389ab3385ca
38a2fe66bfafaa3728b3c07b67b191cc653abea1
d5ee1ba0210fc55edbc9e3276fa1013aaddf5121c6868bb3e4b7f075a1c21a95
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 07:44:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 02:30:51 GMT
Expires: Thu, 12 Jan 2023 02:30:50 GMT
Etag: "38a2fe66bfafaa3728b3c07b67b191cc653abea1"
Cache-Control: max-age=412561,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 785b11ffcdd3b51b-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8293
Expires: Sat, 07 Jan 2023 10:03:02 GMT
Date: Sat, 07 Jan 2023 07:44:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8293
Expires: Sat, 07 Jan 2023 10:03:02 GMT
Date: Sat, 07 Jan 2023 07:44:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8293
Expires: Sat, 07 Jan 2023 10:03:02 GMT
Date: Sat, 07 Jan 2023 07:44:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8293
Expires: Sat, 07 Jan 2023 10:03:02 GMT
Date: Sat, 07 Jan 2023 07:44:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab79c62c-c2c8-44d6-bb2b-a00abef76e42.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab79c62c-c2c8-44d6-bb2b-a00abef76e42.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498c170026d419eef78fcd2f0c39cd8a
ac9335b5a8da94e3f9eede562660075f3e6b94b6
801d0faab81f01412a5379599a97f831cd7c30b10911e5ee451b2336169ed043
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab79c62c-c2c8-44d6-bb2b-a00abef76e42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13789
x-amzn-requestid: 7ce6e8ec-1299-48f0-8605-cb274d1f5695
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eTm6THBeoAMFgGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7b841-7a129c9248497808525e488a;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 05:57:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dUYgLdx59iTKg8EWZomLFtpqd6j7q-taGyndU3EkwU4FEGuVLUrtPg==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 22:33:45 GMT
age: 33064
etag: "ac9335b5a8da94e3f9eede562660075f3e6b94b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a9375cec16bfe696766c8d373d9b54
2167c2f197dd44558ac2dea500d8b6b3cfa50e83
6f94fe0c817b031d913d53fee6b317148bdabea044102b8f0c9df8a3737d59f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10696
x-amzn-requestid: 2117681b-ee8b-4881-b860-087a8662a3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7xM1FK7oAMFd4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae2f1e-5a3648ba2ac7ba01177f361d;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 00:21:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KDj-y09BCvEelNlB8KUmrzk8KxRS8XzXj-XttGqG0WGfRbMHkzsWEg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 06:23:07 GMT
age: 4902
etag: "2167c2f197dd44558ac2dea500d8b6b3cfa50e83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b10b23-bc94-4aaa-ad1a-5f2fe3dc175e.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b10b23-bc94-4aaa-ad1a-5f2fe3dc175e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38737d94d2cd65e9c29f76857ace4475
c833563644d1d9f66f86baea512ea3c0ce9597d0
ea22e6273f2a9e458ab44817881f764956c1f8635b52d4075eb6122cd341a26e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b10b23-bc94-4aaa-ad1a-5f2fe3dc175e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7693
x-amzn-requestid: a016aacf-2b2b-496a-8546-c0ffb583f43f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eO7TWGqPIAMFoQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5d8e2-6e8e32bf78c6bc98676fc113;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 19:52:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7LPlA2tPOJ5Cv8VXhADZAl-eRNDbs_DmomRLkD9yAh0B9hr38WuzpA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 22:01:17 GMT
age: 35012
etag: "c833563644d1d9f66f86baea512ea3c0ce9597d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31bc11ee-d473-4118-9434-3dd149282464.webp
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31bc11ee-d473-4118-9434-3dd149282464.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f83db2c3a907629e06bd60b97d98b436
e7adc7c3fc446bb4b78eef410b5d2a573b50bc6f
800cf7ed947e2a8046b0008d7998d79d9f8e47c6add076da789bf2bf0bda40ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31bc11ee-d473-4118-9434-3dd149282464.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6780
x-amzn-requestid: 3054b209-5d61-4f15-9522-c777bac9c7ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eVxMXEfYoAMF4WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b89582-69265eda1930d43d59790083;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 21:41:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -6EPhBDnwxBwW5rb-QO0EkO5S5APsCjSJIm52FYjl-_MyRbyiGasEg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 21:56:54 GMT
age: 35275
etag: "e7adc7c3fc446bb4b78eef410b5d2a573b50bc6f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb5ffe4f-5ae5-4938-b3ca-b004d549afe4.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb5ffe4f-5ae5-4938-b3ca-b004d549afe4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b068b261514833df29c3081c7681bc1e
d55b98ad8b8720a934ce41132d3e5821f7956511
e9852eb569b9f28d070ba51af9dc8a36698ed9b5afa771d123ce89391f9d7d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb5ffe4f-5ae5-4938-b3ca-b004d549afe4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6801
x-amzn-requestid: 974e4e95-8a57-4d85-b587-aa37bab3faf6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eVxGDEf3IAMF52Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b89559-2984a4fb36910d535abe2856;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 21:40:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 1_FaLJqdAPcmO1By5BQa71NxFK2ELnXpwXqs-9BMPSdRTxrGRhnJUQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 21:58:02 GMT
age: 35207
etag: "d55b98ad8b8720a934ce41132d3e5821f7956511"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1787721-cbc0-4d0c-9ab8-c2bf14e3c622.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1787721-cbc0-4d0c-9ab8-c2bf14e3c622.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65a13b7b11843a364e80dbc2d54345ff
5b24f4bf17da840e61d96b0ed7452911539dbf67
8dea14e05eb2a0c850fe9441b605f50ec6206baf57da4293f2297cab0a82fe37
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1787721-cbc0-4d0c-9ab8-c2bf14e3c622.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10064
x-amzn-requestid: 69f52653-2506-462d-9893-0f799b344286
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eVkwUGirIAMFncw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8819b-0fa57a29615e8bb45dc4542a;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 20:16:27 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: wIRDocC9oXbYc6MO03kfkfBlZe44nlRSoJUaEkt23Hoxp_f51r6FAw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 04:22:22 GMT
age: 12147
etag: "5b24f4bf17da840e61d96b0ed7452911539dbf67"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 0a9457a8571e8539aec3d802e3da5933
e431c8de120f404cac18aef1653b7603ce7e9d72
21c5b31ea65191c0031aa63307c13d47b89df68435ab31415c60505c70feec3b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jan 2023 07:44:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2023 02:40:42 GMT
Expires: Sat, 14 Jan 2023 02:40:41 GMT
Etag: "e431c8de120f404cac18aef1653b7603ce7e9d72"
Cache-Control: max-age=585951,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 785b1203d964b51b-OSL
curvyalpaca.cc/sc?a=Csxn&c=8tah2natuFVFf5K4WZA5jR&e=gAAAAABjuSLxMzI9EGk1uHIqws35SUplrDY4ykuO8AXiBgr6qIlz26t-5ZOss2BcolGJQVxbh84m7Nb4-iRLitLABF4J6Tkx88D25xFvxOCNldCun4kD2E5SG8jJ1cmkHZNRcIeY1qioXAVQmhKk_3LeyJNQsSvr49Mlspqimlyb_M2ye1cJ5ZP8Sxj7nvT_h6riORxW6jD2Y-gYyGC3alc1ntmc3kVH1f8uNAzQ69AoPRJeIoDHlltTQ2ejmXmg85_TjOtN4VoEKjlzTwvMs2JN7LSHmfY84sMSyB5ESOD9Pj0nc1rorCY1Afs9D-hqCqhqFrG4HUthm_icuWXUu7zcEcZWgSfxAff3_wvUkln765WXzQWFRpMEw4lFv_gOIm1VSQDWgHwcBIQsjRlkkWt_KXEOCtKdTiYM1Jhh0dSFbFHwcykOtRSB-fkLtFkpMC8OW0RkCmanbpSEshyUgjL4bQy6gCA6mQKRUzoXyEvv8qfu0NlG998vQVpcVxRoDy-qMke0owkajvSbboRs8AvLQogoBGCYLE-jvO9yLAAnsUcDwcIleaCjonUVTDIHfDrC0addSD1JcVY7-zEyV5FDOhBCxgI9-XcgQO1g3B9-UC7M1ojnW_RzU8FslRBwBCtizmqwa0z7FtTstTp9TlVQW28KMuO13wasEi0veOJC0TRf6SnKA0wXu-lO8RohS1vWEBljeXn5BJtBKSXIA92pOQyqcZGjlAtiFS-w7aJW3Pxvawz9nRYOWrCMDjwGzysxIv52qbUobiy1tUJwTe7E7UzYuKs7lTEI4c9mv1v4N24hkZHLh09pCXqRuH3mQ4dsAiSESV2pmjLU2kkgSIFcEIRq4VZwYDcwuLd4XzrHbJiybPsXgCOfrNwCw1MiVCB6OjUJ6Yuoy_d2VJn4KlAF9V-VpRYmktyhOapzU2Ks8klhUSV8BHK5L5q0a_FcrbgVpPCk3OqzZ9uk7GpjRuTVkEc3hJh34-AKrJ5CpYo9eRTLQ3lAxDoHhW3XuKKLu6bWsRytcEvSg3l-lBHWQYpvYTI01mcKMqU5nVr1nbkWtfhS0rdYbBkNrp6LjU3fbxAMv5-OSppodGanvaNR1wvZdjE31PFbZig-AUTPpO8OP-R5FYUDvhk6XZyQmzbFoo5G2rViryOL-4htbfxrPwOv9jxHknkQvI6g0xq8fuYNiKsJtBY1bnAixQM5IMpDmWjbxgIBEa4154bPCYYbHoMyYBxq0niB8OxTZ9-ugpFMQON2dIGaYDDk36LHpNxDTas6T_i9j2BFT2v9J22uZPcrDQgq6d-jznFNT5qxbdmkk11DZtFIo-3k4RUySTu5JVH00A5UyGxxGFKAvQAt3iUTy004_RdZAa8oc0fk0b6KhVU7fI8HwU1nvn0hGQk57Coz-_mDFwehIuPaJjyzPTPgE-Gb1hQUPAsjuYGgPookfPW7n_Uvm3xky0wpZ9_0xp4wVsC6z9vDJzuv7kyiZfEgYAoatoJeU1ceewzV1xlYc5q_uOqavIRjpwwFD9viNbDxPIyi1JaUidthmVrpoqYcFhpPS0wjUBVToJcNZ4Ci6PR5VEJxho5QquWfLBwoX-pty8PmMiGrATtAXWTrYwPX1LlnQJ-axaW5XUBkmEJ6UmURQDe_wh5mZ2OVUffjl_SY4-jScMYET78Ek3yQ59NO7i59LrIWc27oCtBAWcrTpy3ecT-j5nHGkPCEC5B1VZomdy4LNtPex9Mt_7GxpqT8UWGlSe___4Z2cc9NOdu7E-xcASsBUSvrNMnP0iaywsAJiQrTZXpKvFULTNzor7w9i1athkTJclYoczWlpGt2rdrizEWQN6npXbR8vzrP4b19qC8rvJLbZy5Kcr2ckdaXJAodLBm9Z2xysTAoTFJM8wl4qePkwogc9_hmWVyIH2Uan8ZVwek3S3LCDzOq03qGThrxX4p4eA7wyxWlj_MQAFRjUlYGQxRE4hD9FA5UuOw-91LTiotfXU6L4ap0nAChRvWev0Vn79tg10Qf6sbj6vSQ7AIQhhqUSJYEy7Xzbl4tw2RQdLulubwNIFWfj9cU2Mu4w6SlnmXq953XEPPO7AJyLXBZpHBG9oa7LYhGnFlqXR-JnS8pfjzTrgy8Dzp1dXwjsz0yHA1GDCxmzuq6XGeoNvlyA-3xr4XvZCtJSSzjCMXsqLMjhL2z6nPlJJGKV-zlGuAqlA==&f=0
302 Found 828 B URL HTTP/2 curvyalpaca.cc/sc?a=Csxn&c=8tah2natuFVFf5K4WZA5jR&e=gAAAAABjuSLxMzI9EGk1uHIqws35SUplrDY4ykuO8AXiBgr6qIlz26t-5ZOss2BcolGJQVxbh84m7Nb4-iRLitLABF4J6Tkx88D25xFvxOCNldCun4kD2E5SG8jJ1cmkHZNRcIeY1qioXAVQmhKk_3LeyJNQsSvr49Mlspqimlyb_M2ye1cJ5ZP8Sxj7nvT_h6riORxW6jD2Y-gYyGC3alc1ntmc3kVH1f8uNAzQ69AoPRJeIoDHlltTQ2ejmXmg85_TjOtN4VoEKjlzTwvMs2JN7LSHmfY84sMSyB5ESOD9Pj0nc1rorCY1Afs9D-hqCqhqFrG4HUthm_icuWXUu7zcEcZWgSfxAff3_wvUkln765WXzQWFRpMEw4lFv_gOIm1VSQDWgHwcBIQsjRlkkWt_KXEOCtKdTiYM1Jhh0dSFbFHwcykOtRSB-fkLtFkpMC8OW0RkCmanbpSEshyUgjL4bQy6gCA6mQKRUzoXyEvv8qfu0NlG998vQVpcVxRoDy-qMke0owkajvSbboRs8AvLQogoBGCYLE-jvO9yLAAnsUcDwcIleaCjonUVTDIHfDrC0addSD1JcVY7-zEyV5FDOhBCxgI9-XcgQO1g3B9-UC7M1ojnW_RzU8FslRBwBCtizmqwa0z7FtTstTp9TlVQW28KMuO13wasEi0veOJC0TRf6SnKA0wXu-lO8RohS1vWEBljeXn5BJtBKSXIA92pOQyqcZGjlAtiFS-w7aJW3Pxvawz9nRYOWrCMDjwGzysxIv52qbUobiy1tUJwTe7E7UzYuKs7lTEI4c9mv1v4N24hkZHLh09pCXqRuH3mQ4dsAiSESV2pmjLU2kkgSIFcEIRq4VZwYDcwuLd4XzrHbJiybPsXgCOfrNwCw1MiVCB6OjUJ6Yuoy_d2VJn4KlAF9V-VpRYmktyhOapzU2Ks8klhUSV8BHK5L5q0a_FcrbgVpPCk3OqzZ9uk7GpjRuTVkEc3hJh34-AKrJ5CpYo9eRTLQ3lAxDoHhW3XuKKLu6bWsRytcEvSg3l-lBHWQYpvYTI01mcKMqU5nVr1nbkWtfhS0rdYbBkNrp6LjU3fbxAMv5-OSppodGanvaNR1wvZdjE31PFbZig-AUTPpO8OP-R5FYUDvhk6XZyQmzbFoo5G2rViryOL-4htbfxrPwOv9jxHknkQvI6g0xq8fuYNiKsJtBY1bnAixQM5IMpDmWjbxgIBEa4154bPCYYbHoMyYBxq0niB8OxTZ9-ugpFMQON2dIGaYDDk36LHpNxDTas6T_i9j2BFT2v9J22uZPcrDQgq6d-jznFNT5qxbdmkk11DZtFIo-3k4RUySTu5JVH00A5UyGxxGFKAvQAt3iUTy004_RdZAa8oc0fk0b6KhVU7fI8HwU1nvn0hGQk57Coz-_mDFwehIuPaJjyzPTPgE-Gb1hQUPAsjuYGgPookfPW7n_Uvm3xky0wpZ9_0xp4wVsC6z9vDJzuv7kyiZfEgYAoatoJeU1ceewzV1xlYc5q_uOqavIRjpwwFD9viNbDxPIyi1JaUidthmVrpoqYcFhpPS0wjUBVToJcNZ4Ci6PR5VEJxho5QquWfLBwoX-pty8PmMiGrATtAXWTrYwPX1LlnQJ-axaW5XUBkmEJ6UmURQDe_wh5mZ2OVUffjl_SY4-jScMYET78Ek3yQ59NO7i59LrIWc27oCtBAWcrTpy3ecT-j5nHGkPCEC5B1VZomdy4LNtPex9Mt_7GxpqT8UWGlSe___4Z2cc9NOdu7E-xcASsBUSvrNMnP0iaywsAJiQrTZXpKvFULTNzor7w9i1athkTJclYoczWlpGt2rdrizEWQN6npXbR8vzrP4b19qC8rvJLbZy5Kcr2ckdaXJAodLBm9Z2xysTAoTFJM8wl4qePkwogc9_hmWVyIH2Uan8ZVwek3S3LCDzOq03qGThrxX4p4eA7wyxWlj_MQAFRjUlYGQxRE4hD9FA5UuOw-91LTiotfXU6L4ap0nAChRvWev0Vn79tg10Qf6sbj6vSQ7AIQhhqUSJYEy7Xzbl4tw2RQdLulubwNIFWfj9cU2Mu4w6SlnmXq953XEPPO7AJyLXBZpHBG9oa7LYhGnFlqXR-JnS8pfjzTrgy8Dzp1dXwjsz0yHA1GDCxmzuq6XGeoNvlyA-3xr4XvZCtJSSzjCMXsqLMjhL2z6nPlJJGKV-zlGuAqlA==&f=0
IP
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (826)
Hash 3965261464513349328f229e3c91b518
9b28bb31228277fc2ca5dafca7e54567659c2be0
64b8faf4c4013f4609a1e194877d36290fb44e114a1d09b653ce090d42b2ac9f
GET /sc?a=Csxn&c=8tah2natuFVFf5K4WZA5jR&e=gAAAAABjuSLxMzI9EGk1uHIqws35SUplrDY4ykuO8AXiBgr6qIlz26t-5ZOss2BcolGJQVxbh84m7Nb4-iRLitLABF4J6Tkx88D25xFvxOCNldCun4kD2E5SG8jJ1cmkHZNRcIeY1qioXAVQmhKk_3LeyJNQsSvr49Mlspqimlyb_M2ye1cJ5ZP8Sxj7nvT_h6riORxW6jD2Y-gYyGC3alc1ntmc3kVH1f8uNAzQ69AoPRJeIoDHlltTQ2ejmXmg85_TjOtN4VoEKjlzTwvMs2JN7LSHmfY84sMSyB5ESOD9Pj0nc1rorCY1Afs9D-hqCqhqFrG4HUthm_icuWXUu7zcEcZWgSfxAff3_wvUkln765WXzQWFRpMEw4lFv_gOIm1VSQDWgHwcBIQsjRlkkWt_KXEOCtKdTiYM1Jhh0dSFbFHwcykOtRSB-fkLtFkpMC8OW0RkCmanbpSEshyUgjL4bQy6gCA6mQKRUzoXyEvv8qfu0NlG998vQVpcVxRoDy-qMke0owkajvSbboRs8AvLQogoBGCYLE-jvO9yLAAnsUcDwcIleaCjonUVTDIHfDrC0addSD1JcVY7-zEyV5FDOhBCxgI9-XcgQO1g3B9-UC7M1ojnW_RzU8FslRBwBCtizmqwa0z7FtTstTp9TlVQW28KMuO13wasEi0veOJC0TRf6SnKA0wXu-lO8RohS1vWEBljeXn5BJtBKSXIA92pOQyqcZGjlAtiFS-w7aJW3Pxvawz9nRYOWrCMDjwGzysxIv52qbUobiy1tUJwTe7E7UzYuKs7lTEI4c9mv1v4N24hkZHLh09pCXqRuH3mQ4dsAiSESV2pmjLU2kkgSIFcEIRq4VZwYDcwuLd4XzrHbJiybPsXgCOfrNwCw1MiVCB6OjUJ6Yuoy_d2VJn4KlAF9V-VpRYmktyhOapzU2Ks8klhUSV8BHK5L5q0a_FcrbgVpPCk3OqzZ9uk7GpjRuTVkEc3hJh34-AKrJ5CpYo9eRTLQ3lAxDoHhW3XuKKLu6bWsRytcEvSg3l-lBHWQYpvYTI01mcKMqU5nVr1nbkWtfhS0rdYbBkNrp6LjU3fbxAMv5-OSppodGanvaNR1wvZdjE31PFbZig-AUTPpO8OP-R5FYUDvhk6XZyQmzbFoo5G2rViryOL-4htbfxrPwOv9jxHknkQvI6g0xq8fuYNiKsJtBY1bnAixQM5IMpDmWjbxgIBEa4154bPCYYbHoMyYBxq0niB8OxTZ9-ugpFMQON2dIGaYDDk36LHpNxDTas6T_i9j2BFT2v9J22uZPcrDQgq6d-jznFNT5qxbdmkk11DZtFIo-3k4RUySTu5JVH00A5UyGxxGFKAvQAt3iUTy004_RdZAa8oc0fk0b6KhVU7fI8HwU1nvn0hGQk57Coz-_mDFwehIuPaJjyzPTPgE-Gb1hQUPAsjuYGgPookfPW7n_Uvm3xky0wpZ9_0xp4wVsC6z9vDJzuv7kyiZfEgYAoatoJeU1ceewzV1xlYc5q_uOqavIRjpwwFD9viNbDxPIyi1JaUidthmVrpoqYcFhpPS0wjUBVToJcNZ4Ci6PR5VEJxho5QquWfLBwoX-pty8PmMiGrATtAXWTrYwPX1LlnQJ-axaW5XUBkmEJ6UmURQDe_wh5mZ2OVUffjl_SY4-jScMYET78Ek3yQ59NO7i59LrIWc27oCtBAWcrTpy3ecT-j5nHGkPCEC5B1VZomdy4LNtPex9Mt_7GxpqT8UWGlSe___4Z2cc9NOdu7E-xcASsBUSvrNMnP0iaywsAJiQrTZXpKvFULTNzor7w9i1athkTJclYoczWlpGt2rdrizEWQN6npXbR8vzrP4b19qC8rvJLbZy5Kcr2ckdaXJAodLBm9Z2xysTAoTFJM8wl4qePkwogc9_hmWVyIH2Uan8ZVwek3S3LCDzOq03qGThrxX4p4eA7wyxWlj_MQAFRjUlYGQxRE4hD9FA5UuOw-91LTiotfXU6L4ap0nAChRvWev0Vn79tg10Qf6sbj6vSQ7AIQhhqUSJYEy7Xzbl4tw2RQdLulubwNIFWfj9cU2Mu4w6SlnmXq953XEPPO7AJyLXBZpHBG9oa7LYhGnFlqXR-JnS8pfjzTrgy8Dzp1dXwjsz0yHA1GDCxmzuq6XGeoNvlyA-3xr4XvZCtJSSzjCMXsqLMjhL2z6nPlJJGKV-zlGuAqlA==&f=0 HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjuSLx-Iq6z5tJ5WlckI6Lwyfo9sig7OZGPzvRBxDUExjuR_25uoFPUyKVlD2rHpMgeE7p9590NudJlnCYp1Ukd9Ij73DsCyFIJwkRlZlC2SuvvSB1O6UCBclmDZRl9IInmrbxSeScn6VxGIRPjVSx4am7_IswJdrr-zpqy9pHjQ60uI5p843lWixM-J05P__IxkDy0gOmFgmAUft4vQe5LU9f6jFJFFyT-K8iblRqp6VsX1YovcYQwkFtcGpanVIvAFZtLQgIEdk7d5dk7A6jbA2CToyhVB69-yxpzxYulg4LbINgMF2fB5cIUsKZUPTPQ56rIATHi_wjEsqcxZW7xNuIJTHfR4ItsK8b9LAh--RxogbrnOpq5UcgbGDQtBCAQ_u7TsXhvljDeTP0TE6DIvzy7ouHxo8PUWxX78zCBIhlnhWt3-BFa0FHxbFzpMJqtpjlFB3GzQ3hLoItU2D2VJR9befGcCvVF8XUKvNKuFbG4ZB5Yl95eK8OCRgsbvFmKOZzGldv9E3nG-4gc_4Luoo5a6x5m-I7kVkQ1MUsfi88LkVwalwd9MRZzW8otfadEN7rWVmyhIpdhwEaIfHBHy26S7mzwb5UWKk2A5slTD8w5LiYGlCgqmx6RnAhkPUZsNtqN8Of1v1Sc9k2L1t2J7wC7SjiWVmsk0kNah1s1ntNX5rl6ylkS0QaRpmbU-VqKmhv1_tz57T5vHQW8SaPy9tjBRgG-hyPwzEGxVliTwuJZyP749CUf8cHSHc6zhfJ6W8IupvqL0CriCPY58sznWSy6IIQ_CHr12LnZ2K4Izr3AxEOikUUg5xHi_nl74W4M8I_bCqrryItTtFH6zI0P4-dxAbWDcqjwFW6VaD6gBOoACx68M_VIMrsOy5FwQ5ORZBtqqWRuJ7HxBe3R6QLB3oIgwwxzjqIuhBBhwnF_-WKRl3mUopE158cl-OVeiq3xdoYd7cL4hZ_v6kNtksqcUe16gVNCmu5UgcpSXh6G9Owb0sd7ZARNzJutOofTKviTe929aNATvU17AvmY0y6xWEckMJer8EqcGppoLwb_tFUlN1eH0fDn3CM5VHzzMDhofn22iGgungGDVhny9PYfLhYAr0qmiCyOXr37P8MRIOEWp831ouRW3HMfNzY1yVZvkKep2qAAj1xoB1fCT4crSX5Cve2ag3Z4eTXuZUKoDQ0fSUqda4Z1KQYbKDtFrntaI86XmeZx2CFVidKSPY8pl2grTiKtrZ4II-AkB9P0GtCHajvm6M4Mf65VYxXPtRnp3A1riujG51WuvChTGnSTMtvbzIRy8xBVZQkbggBJov3Yg6nSnuWCJRQ3wUImhMzXNqyNNgZheBs3ncCjOxTorg0O4GvKHAdjNtL4lCFmYRqSVg1ku6hNMO6irWErcKpEgqfumcZg4bd6xSkMUiBfq2zyB8XGalEzYItb-HghiN9nRBjJiyjCX_6XshAyMr96ElRiOq8iX04Q9br2Xl6cM1AgQFxBj4HQ6SfJkRKwXL88GHRcJNsKyU5laz-_q8eDRGAsmfh60PDXZ_zdBO3ZkfjKPg0-DcxgVjPiRKfwFmUhTPoMW18AEPjt2ZdQrzMvPmhfObsYplH_zH7C-fglMEYEebcvmfrSsByugCcBBbxVDpx1SFZP1x67oqAK3-Li1RTC2Wm4lPSdRZJeny1T4ku8t3OU9ndTthfWgu9lMzBE6xy_ZQItyQROC3NBImkEXL1MEgnsQ_gFXgFp-497mLFmWhAnc-xkNu2X44Or4DWmeREs4h4i5QHC6pKtb2nxKl73esH-ZqYD4My37wxZnOqS40F8PwiAq1P9KbncN_WTmJoA5ZM_uebsPwZ-Avd9HA52z7xLsrcyiyj5hP6XGbNCkP1GatjEcOomgkufYzpDrN-ytFSYjlLmynBtulYAGeXy-vqB8DTrtWjtgdli0fCVEvav0cSYIRGhoVT6a0NjZK_OxmV2BontAZQVlwGGZfS3jR9PZ9RqY7tK7KbD4ki6nfTtYA5gSf3_IUOJ06wELo6uH51lgX_veIvKW3hPxaPWQgO-UJQVhNBERPAi429UaOsXf4k1x8kZwLzY__U8fG1kgBPvmTaJapki5Y45m7eiTWvd6GiJudDmli_5NPHkoV5iAKxq1gHovk6c2aPCNbNeBBG6YBP3fpQM3JG_bevcFaHuwK5AZ82FXA4jabong%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.1
date: Sat, 07 Jan 2023 07:44:49 GMT
content-type: text/html; charset=utf-8
content-length: 828
location: http://s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx
200 OK 1.1 kB URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1453)
Hash 2614645e0918bff439b4404f7c7ad4f9
f2d0cfcea9bfab70db2d2fda644a446fd1ebe95e
e50b0424b77fb45e416a8c98cde3934bc5a718e92b3ccfa381fb2797d11b1e01
GET /cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 07:44:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263b922f19c0293.45813632642834884%22%3B%7D; expires=Mon, 06 Jan 2025 07:44:49 GMT; path=; domain=.optnx.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
IP
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.optnx.com/cimp.php?data=TVRZM016QTNOelE0T0h4bU9ERTJNMkUzWVRJNE1ERTFZMlEwWmpKa00yWXpNalpsWmprNU4yVXdNQS0tfGh0dHA6Ly9ldS5kc3BtZWdhLmNvbS9hcGkvc3VibWl0X2Zvcm1fcmVxdWVzdD9wPTg2ZGNjMWEyLWU2NDQtNDcxMC1iYmJjLTdjOWZlNGEzN2I4YiZ0cz0xNjczMDc3NDg4Jno9NDgwNzY3MCZleG9fY2lkPTM0MDk2MjN8aHR0cHw5MS45MC40Mi4xNTR8Tk9SfDQxfGFkZXVtLmNvbXw0OTQyMjR8NzEyMTkyfDk0NDQ2OHw0NTU3ODYyfDUxMXwzNDA5NjIzfDM1MTQ4MTI5fDQwfDN8MHwwfDI1MzQ0fDB8MzUuMjh8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4xfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDJ8MHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDQ0NWM4ZjE1Y2YwNzIwM2YxOWZkMmQ2ZDUxMmQ4MWIx
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263b922f19c0293.45813632642834884%22%3B%7D
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 07 Jan 2023 07:44:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263b922f19c0293.45813632642834884%22%3B%7D; expires=Mon, 06 Jan 2025 07:44:49 GMT; path=; domain=.optnx.com;
Location: http://eu.dspmega.com/api/submit_form_request?p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&ts=1673077488&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
X-Robots-Tag: noindex, follow
eu.dspmega.com/api/submit_form_request?p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&ts=1673077488&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
200 OK 4.5 kB URL HTTP/1.1 eu.dspmega.com/api/submit_form_request?p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&ts=1673077488&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3500)
Hash 4e5973760ba651da2fcfe372f551cb5a
63490c9a9219aba704682386274875dc9df788b1
02c3d5e9ca15316a51549fc409e92e3e7627f4ee1859af284a23bce88fb5c9d2
Analyzer Verdict Alert quad9 Sinkholed
GET /api/submit_form_request?p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&ts=1673077488&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0- HTTP/1.1
Host: eu.dspmega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://s.optnx.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 07 Jan 2023 07:44:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
eu.dspmega.com/api/win_request?ad_scheme=1&p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspmega.com%2Fapi%2Fsubmit_form_request%3Fp%3D86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b%26ts%3D1673077488%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=
301 Moved Permanently 175 B URL HTTP/1.1 eu.dspmega.com/api/win_request?ad_scheme=1&p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspmega.com%2Fapi%2Fsubmit_form_request%3Fp%3D86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b%26ts%3D1673077488%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=
IP
File type HTML document, ASCII text
Hash 399096211e821b252c2f52bffeec3645
9b182386091df2ed32f8680d656bc9c33fe3f17a
41eb3a478ce4a9cb25418194c5b2dc26cc4bb7ada6de14eba4b9d967f724e0d3
Analyzer Verdict Alert quad9 Sinkholed
GET /api/win_request?ad_scheme=1&p=86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspmega.com%2Fapi%2Fsubmit_form_request%3Fp%3D86dcc1a2-e644-4710-bbbc-7c9fe4a37b8b%26ts%3D1673077488%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl= HTTP/1.1
Host: eu.dspmega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspmega.com/api/reverse?var=4807670&feedId=746
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 07 Jan 2023 07:44:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=635495658363035648&subid1=4807670&cost=0.001260
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
eu.dspmega.com/favicon.ico
404 Not Found 19 B URL HTTP/1.1 eu.dspmega.com/favicon.ico
IP
Hash 595e88012a6521aae3e12cbebe76eb9e
da3968197e7bf67aa45a77515b52ba2710c5fc34
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: eu.dspmega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspmega.com/api/reverse?var=4807670&feedId=746
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 07 Jan 2023 07:44:50 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
X-Content-Type-Options: nosniff
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d7ab1dbe0d5fc98d758a30e19f8c7cde
7eefb591b500b3da6b2998595b146fd9f19b5ac1
0a1f8d4a9f1842d2518d4938bdbc3d98593d45f8aa1581df42323902b1f7c13f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A1F8D4A9F1842D2518D4938BDBC3D98593D45F8AA1581DF42323902B1F7C13F"
Last-Modified: Sat, 07 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13734
Expires: Sat, 07 Jan 2023 11:33:44 GMT
Date: Sat, 07 Jan 2023 07:44:50 GMT
Connection: keep-alive
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=635495658363035648&subid1=4807670&cost=0.001260
302 Found 0 B URL HTTP/2 eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=635495658363035648&subid1=4807670&cost=0.001260
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=635495658363035648&subid1=4807670&cost=0.001260 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://eu.dspmega.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 07 Jan 2023 07:44:50 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_CS_DT_KINDRED_?source=715734&geo=NO&device=desktop
set-cookie: rauid=M5JvUvyJQMOBl8sGpE6PqQ; expires=Sun, 07 Jan 2024 07:44:50 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
35.227.234.222/2/PU_NO_CS_DT_KINDRED_?source=715734&geo=NO&device=desktop
302 Found 0 B URL HTTP/1.1 35.227.234.222/2/PU_NO_CS_DT_KINDRED_?source=715734&geo=NO&device=desktop
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /2/PU_NO_CS_DT_KINDRED_?source=715734&geo=NO&device=desktop HTTP/1.1
Host: 35.227.234.222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 07 Jan 2023 07:44:50 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 07 Jan 2023 07:44:50 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 07 Jan 2023 07:44:50 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d; domain=.unibet.com; expires=Mon, 07-Jan-3022 07:44:50 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=34
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 07 Jan 2023 07:44:50 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950
set-cookie: JSESSIONID=node01k030tp7uxnsz15fgtrwbvgia56928220.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01k030tp7uxnsz15fgtrwbvgia; Path=/; Domain=.unibet.nu; Expires=Mon, 06-Jan-2025 07:44:50 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Mon, 06-Jan-2025 07:44:50 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Mon, 06-Jan-2025 07:44:50 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669908_AD703FBE93E64830B275F1C120C6AE19; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=86299988; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_AD703FBE93E64830B275F1C120C6AE19%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 07 Jan 2023 07:44:50 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01k030tp7uxnsz15fgtrwbvgia; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_AD703FBE93E64830B275F1C120C6AE19; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_AD703FBE93E64830B275F1C120C6AE19%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 07 Jan 2023 07:44:50 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 07 Jan 2023 07:44:50 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d6d87c189a950a910244bd951ccd9101
35dfb8c4552844a0079d240ef82f7cbf35f94bf7
f82c04be7cbf8b5ae65483a004f6395eda7df6795a7c5108e6786853dd07d809
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F82C04BE7CBF8B5AE65483A004F6395EDA7DF6795A7C5108E6786853DD07D809"
Last-Modified: Fri, 06 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=625
Expires: Sat, 07 Jan 2023 07:55:15 GMT
Date: Sat, 07 Jan 2023 07:44:50 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
200 OK 1.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash dd0a69f6603442fa9865a27f9d21a089
a85e055fd51220ac2d0451b6e39189948b55afb7
1712c23daf0b553ed847f394d7eb66e332e8098b2b81d19254f9c8b04ffecfb6
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd50b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
200 OK 957 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
ASN #47171 Unibet Services Limited
Hash e19225e3eb562a3b6a86f7b8b47c38fb
ce3eb55448afd8fc9dfa4ac82f8743a009d5e142
c152526a02cb050650847e999ae141eae985472fbf73c5a843160b3b6bb06f79
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: application/javascript
content-length: 957
last-modified: Mon, 25 Apr 2022 12:18:31 GMT
etag: "3bd-5dd799309c310"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
200 OK 934 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 24c37f5271da763bcd439d94bce2e998
9cce565191f1e383ea503358eb658d3070fc01dd
81ea5111f359f6d9782e978bf9d596ebd0e7dc52ff22e94f043b054d6798e30c
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd60b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jan 2023 22:35:23 GMT
expires: Wed, 03 Jan 2024 22:35:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 292168
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
200 OK 1.3 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP
ASN #47171 Unibet Services Limited
Hash eba5e907442db5325e8e72cb2ad6a1a1
714feb779c9f4fcf043d8c58d20e357b724245f6
bd056f8be3b39b7431a81cf10bebe28643b414b851dca01983757144a6d783e7
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 623e85ff33837eb6c59e11ae2759237a
cea1948490802e652e7f6678dc76694e0d6ab61a
1fb30f3579d3277435c860f472008bea3680db1202d838ad4669d943ec88ba65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
200 OK 98 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: image/jpeg
content-length: 98453
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
etag: "0x8DACBBCB1BBD29B"
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0b1c71c4-b01e-0049-7003-0350e9000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 429112
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120f8c660b55-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
200 OK 13 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 09568b2f4fd2e446e388a63dc5210b3b
83085ebe23e947736e0c95a1de8bd09e1f8db4fa
a4bb0edc3d613c07053c4c3cd3ae0d57028a3db69470d65313e755cd3eab01da
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8bdf0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8b64a17d9b8c33515817fc19dd6f60d7
a752305109964bc1ef3537debed9c40c44198cea
8f7b7d229100176e82780eb0c3808b410b078025237210d8b5037c30ac3b0987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8b64a17d9b8c33515817fc19dd6f60d7
a752305109964bc1ef3537debed9c40c44198cea
8f7b7d229100176e82780eb0c3808b410b078025237210d8b5037c30ac3b0987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
200 OK 5.7 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
Hash 2165aaf6747edcfd76132e868a1b45fa
b43806a5f8f921b16cd1a45c63dc87f075ada4f4
9771925d960703263e36ea2cfe684d29e86a2a4566424d27b97597503c5a4e80
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429149
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e6bc70b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
200 OK 24 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash ef717e408abb2e128bdd97d593d5b224
150c2522b8b06293dd7e07b0fd449c20d0fffd49
cccb36e5c50dc459434c75732c1345c65868e5f4d6fe7f20400103cdaeccc7e7
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd80b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8b64a17d9b8c33515817fc19dd6f60d7
a752305109964bc1ef3537debed9c40c44198cea
8f7b7d229100176e82780eb0c3808b410b078025237210d8b5037c30ac3b0987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 19:33:54 GMT
expires: Thu, 04 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 216657
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: M4A/F0JmvDZ1O1xRg2EBakOzxZF3bSCcwS7PM2TzdgHMYzotAgHsHpRFaX6ety8BGzuScpc+CmY=
x-amz-request-id: KZBF2W9RM5AR88GJ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2071887
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTc03jllC1JsJ2dc3zirx5aK77sHi1COYmCJoZzQDAiV6NmKwM2ak9z7BWQT0KimSgbNcEtx0ormu%2FAKeCxRQHu66dzr7baQQz7uQBehUjqftvLVgGJ99OkMUcV%2Fmv%2BAeBjAaJfU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 785b120fbb9188a3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 19:34:15 GMT
expires: Thu, 04 Jan 2024 19:34:15 GMT
cache-control: public, max-age=31536000
age: 216636
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
200 OK 92 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash e649bf218476a44fb43ee8b9e909b654
ab3fe932dbe1cf8f39ead6edc10f4e700aa45fdf
81f1e72574df827fe905c06d22d2a8e5e5bdf4ab26a32c7331a48c971254d95a
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd70b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8b64a17d9b8c33515817fc19dd6f60d7
a752305109964bc1ef3537debed9c40c44198cea
8f7b7d229100176e82780eb0c3808b410b078025237210d8b5037c30ac3b0987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 17cf9dce587a0172ed5024014092613a
c4d54d41bb2065c443b71ce4cb0765afcf25ff5d
c9e7f02104dba48ac14728545d4e4fbc2393ab6c2cb4b36504aad9626f8d10b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/seg?add=9755599
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 07 Jan 2023 07:44:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 309bf3fa-7dea-41f2-ac60-afebbf5378c0
Set-Cookie: uuid2=6891245511884792266; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 07-Apr-2023 07:44:51 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 471 B IP
Hash ebdd682d74725eabbc8113d58ab90863
359da8459289e6200f1dc2bb5544a60502fc6fbb
b170291e4510014a37eaaac4caee20cdada799ac35dba2da72b6d7dbe1589a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3967
Cache-Control: max-age=170893
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Etag: "63b90c01-1d7"
Expires: Mon, 09 Jan 2023 07:13:04 GMT
Last-Modified: Sat, 07 Jan 2023 06:06:57 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
200 OK 364 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP
File type JSON data\012- , ASCII text, with very long lines (704), with no line terminators
Hash 27597598b2294bd04295f7fefc71fe18
e4ca85d6924a0fe95fa5a87da3e8c92df9d43e6d
bb1b72265411eb99c254d13e523a0ddb0da9b73714d5715d3a4386f2b4ed828b
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: application/json
content-length: 364
access-control-expose-headers: CE-Version
ce-version: 11.5.16
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 24 Dec 2022 15:01:03 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 1183428
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b121178e80b49-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 07 Jan 2023 07:44:51 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 3da8eead-4c5c-42af-a9b9-d2bcfb399732
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2ImSvwH[=!@wnf-Te9(>wL5L!!'SF$iSJ4; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 07-Apr-2023 07:44:51 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
script.crazyegg.com/pages/scripts/0012/9242.js
200 OK 4.9 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP
File type ASCII text, with very long lines (12965), with no line terminators
Hash 6b78ea0a42bdf44ac31bc02e49173f5c
167e8ca811bccc29c7646ef772eab26ae8f7d50e
50b68eb448d26069268bf0277d28784f3f4b145377eb47164b9eeb81012c29cc
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.16
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 24 Dec 2022 15:01:00 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1183430
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b121068730b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
200 OK 2.0 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
File type HTML document, Unicode text, UTF-8 text
Hash 7bcc0644b8e7048e465c7ecc23654d88
8d313bd075586c4d891432f9bad316e867b791f2
52d023112183361def06ee2f3d81872db0d3e1417d30d13a98e5f793f5440c5d
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429149
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e6bca0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=27729911045007087324391271556456567355&ts=1673077480038
200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=27729911045007087324391271556456567355&ts=1673077480038
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=27729911045007087324391271556456567355&ts=1673077480038 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sat, 07 Jan 2023 07:44:51 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 39f497d1a15d0b398e875ec68d62990d
1a7d5ef5eee0582d7ecd830730f5076aba3fb381
fa43dbcbc2d76d0ffcac3c25b7f4a31d947541c1e1c565427ad4bf73f4b27877
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2462
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Last-Modified: Sat, 07 Jan 2023 07:03:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 39f497d1a15d0b398e875ec68d62990d
1a7d5ef5eee0582d7ecd830730f5076aba3fb381
fa43dbcbc2d76d0ffcac3c25b7f4a31d947541c1e1c565427ad4bf73f4b27877
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6532
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Last-Modified: Sat, 07 Jan 2023 05:55:59 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 39f497d1a15d0b398e875ec68d62990d
1a7d5ef5eee0582d7ecd830730f5076aba3fb381
fa43dbcbc2d76d0ffcac3c25b7f4a31d947541c1e1c565427ad4bf73f4b27877
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2462
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 07 Jan 2023 07:44:51 GMT
Last-Modified: Sat, 07 Jan 2023 07:03:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
unibet.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 7 Jan 2023 07:44:51 GMT
DCS: dcs-prod-irl1-1-v045-0ed41892e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Op//21JPTQE=
Content-Length: 2791
Connection: keep-alive
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
200 OK 1.9 kB URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6cc413149786c4a1f002286ae228b75b
1aee1239410d0d1b8a0adb1b1a6c4ff4f09f1de1
9cc9a2a5d1ff33527b1b99d22060fe18c881d9834d01c3b2c33b8fbbd545b9fb
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 81
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b1212da63b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
200 OK 3.8 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
File type HTML document, ASCII text
Hash 34e517aedff23ffb81108dd94e33f979
977c9266bc09e7d3c7313f415cf843b0e790f3bf
a594c0500830142ff608bb6e300b49fa596bae45fcc43126a6978cf12c56665c
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429149
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd20b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=27712368772785297674394989596542087072
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=27712368772785297674394989596542087072
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=27712368772785297674394989596542087072 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sat, 07 Jan 2023 07:44:51 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y7ki8wAAANRgtwMx; Domain=.everesttech.net; Expires=Sun, 07-Jan-2024 07:44:51 GMT; Path=/
everest_session_v2=Y7ki8wAAANRguAMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y7ki8wAAANRgtwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=36764429563623683473392922899645432227; Max-Age=15552000; Expires=Thu, 06 Jul 2023 07:44:51 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: l14g7Xc1SW0=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7ki8wAAANRgtwMx
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7ki8wAAANRgtwMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: CX3En41KRBg=
Content-Length: 59
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8be10b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8be20b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
302 Found 0 B URL HTTP/2 adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP
ASN #24940 Hetzner Online GmbH
GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 07 Jan 2023 07:44:49 GMT
content-type: text/html; charset=utf-8
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjuSLx-Iq6z5tJ5WlckI6Lwyfo9sig7OZGPzvRBxDUExjuR_25uoFPUyKVlD2rHpMgeE7p9590NudJlnCYp1Ukd9Ij73DsCyFIJwkRlZlC2SuvvSB1O6UCBclmDZRl9IInmrbxSeScn6VxGIRPjVSx4am7_IswJdrr-zpqy9pHjQ60uI5p843lWixM-J05P__IxkDy0gOmFgmAUft4vQe5LU9f6jFJFFyT-K8iblRqp6VsX1YovcYQwkFtcGpanVIvAFZtLQgIEdk7d5dk7A6jbA2CToyhVB69-yxpzxYulg4LbINgMF2fB5cIUsKZUPTPQ56rIATHi_wjEsqcxZW7xNuIJTHfR4ItsK8b9LAh--RxogbrnOpq5UcgbGDQtBCAQ_u7TsXhvljDeTP0TE6DIvzy7ouHxo8PUWxX78zCBIhlnhWt3-BFa0FHxbFzpMJqtpjlFB3GzQ3hLoItU2D2VJR9befGcCvVF8XUKvNKuFbG4ZB5Yl95eK8OCRgsbvFmKOZzGldv9E3nG-4gc_4Luoo5a6x5m-I7kVkQ1MUsfi88LkVwalwd9MRZzW8otfadEN7rWVmyhIpdhwEaIfHBHy26S7mzwb5UWKk2A5slTD8w5LiYGlCgqmx6RnAhkPUZsNtqN8Of1v1Sc9k2L1t2J7wC7SjiWVmsk0kNah1s1ntNX5rl6ylkS0QaRpmbU-VqKmhv1_tz57T5vHQW8SaPy9tjBRgG-hyPwzEGxVliTwuJZyP749CUf8cHSHc6zhfJ6W8IupvqL0CriCPY58sznWSy6IIQ_CHr12LnZ2K4Izr3AxEOikUUg5xHi_nl74W4M8I_bCqrryItTtFH6zI0P4-dxAbWDcqjwFW6VaD6gBOoACx68M_VIMrsOy5FwQ5ORZBtqqWRuJ7HxBe3R6QLB3oIgwwxzjqIuhBBhwnF_-WKRl3mUopE158cl-OVeiq3xdoYd7cL4hZ_v6kNtksqcUe16gVNCmu5UgcpSXh6G9Owb0sd7ZARNzJutOofTKviTe929aNATvU17AvmY0y6xWEckMJer8EqcGppoLwb_tFUlN1eH0fDn3CM5VHzzMDhofn22iGgungGDVhny9PYfLhYAr0qmiCyOXr37P8MRIOEWp831ouRW3HMfNzY1yVZvkKep2qAAj1xoB1fCT4crSX5Cve2ag3Z4eTXuZUKoDQ0fSUqda4Z1KQYbKDtFrntaI86XmeZx2CFVidKSPY8pl2grTiKtrZ4II-AkB9P0GtCHajvm6M4Mf65VYxXPtRnp3A1riujG51WuvChTGnSTMtvbzIRy8xBVZQkbggBJov3Yg6nSnuWCJRQ3wUImhMzXNqyNNgZheBs3ncCjOxTorg0O4GvKHAdjNtL4lCFmYRqSVg1ku6hNMO6irWErcKpEgqfumcZg4bd6xSkMUiBfq2zyB8XGalEzYItb-HghiN9nRBjJiyjCX_6XshAyMr96ElRiOq8iX04Q9br2Xl6cM1AgQFxBj4HQ6SfJkRKwXL88GHRcJNsKyU5laz-_q8eDRGAsmfh60PDXZ_zdBO3ZkfjKPg0-DcxgVjPiRKfwFmUhTPoMW18AEPjt2ZdQrzMvPmhfObsYplH_zH7C-fglMEYEebcvmfrSsByugCcBBbxVDpx1SFZP1x67oqAK3-Li1RTC2Wm4lPSdRZJeny1T4ku8t3OU9ndTthfWgu9lMzBE6xy_ZQItyQROC3NBImkEXL1MEgnsQ_gFXgFp-497mLFmWhAnc-xkNu2X44Or4DWmeREs4h4i5QHC6pKtb2nxKl73esH-ZqYD4My37wxZnOqS40F8PwiAq1P9KbncN_WTmJoA5ZM_uebsPwZ-Avd9HA52z7xLsrcyiyj5hP6XGbNCkP1GatjEcOomgkufYzpDrN-ytFSYjlLmynBtulYAGeXy-vqB8DTrtWjtgdli0fCVEvav0cSYIRGhoVT6a0NjZK_OxmV2BontAZQVlwGGZfS3jR9PZ9RqY7tK7KbD4ki6nfTtYA5gSf3_IUOJ06wELo6uH51lgX_veIvKW3hPxaPWQgO-UJQVhNBERPAi429UaOsXf4k1x8kZwLzY__U8fG1kgBPvmTaJapki5Y45m7eiTWvd6GiJudDmli_5NPHkoV5iAKxq1gHovk6c2aPCNbNeBBG6YBP3fpQM3JG_bevcFaHuwK5AZ82FXA4jabong%3D%3D
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429149
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e7bd40b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8be00b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429145
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8bea0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
curvyalpaca.cc/click?a=Csxn&e=gAAAAABjuSLx-Iq6z5tJ5WlckI6Lwyfo9sig7OZGPzvRBxDUExjuR_25uoFPUyKVlD2rHpMgeE7p9590NudJlnCYp1Ukd9Ij73DsCyFIJwkRlZlC2SuvvSB1O6UCBclmDZRl9IInmrbxSeScn6VxGIRPjVSx4am7_IswJdrr-zpqy9pHjQ60uI5p843lWixM-J05P__IxkDy0gOmFgmAUft4vQe5LU9f6jFJFFyT-K8iblRqp6VsX1YovcYQwkFtcGpanVIvAFZtLQgIEdk7d5dk7A6jbA2CToyhVB69-yxpzxYulg4LbINgMF2fB5cIUsKZUPTPQ56rIATHi_wjEsqcxZW7xNuIJTHfR4ItsK8b9LAh--RxogbrnOpq5UcgbGDQtBCAQ_u7TsXhvljDeTP0TE6DIvzy7ouHxo8PUWxX78zCBIhlnhWt3-BFa0FHxbFzpMJqtpjlFB3GzQ3hLoItU2D2VJR9befGcCvVF8XUKvNKuFbG4ZB5Yl95eK8OCRgsbvFmKOZzGldv9E3nG-4gc_4Luoo5a6x5m-I7kVkQ1MUsfi88LkVwalwd9MRZzW8otfadEN7rWVmyhIpdhwEaIfHBHy26S7mzwb5UWKk2A5slTD8w5LiYGlCgqmx6RnAhkPUZsNtqN8Of1v1Sc9k2L1t2J7wC7SjiWVmsk0kNah1s1ntNX5rl6ylkS0QaRpmbU-VqKmhv1_tz57T5vHQW8SaPy9tjBRgG-hyPwzEGxVliTwuJZyP749CUf8cHSHc6zhfJ6W8IupvqL0CriCPY58sznWSy6IIQ_CHr12LnZ2K4Izr3AxEOikUUg5xHi_nl74W4M8I_bCqrryItTtFH6zI0P4-dxAbWDcqjwFW6VaD6gBOoACx68M_VIMrsOy5FwQ5ORZBtqqWRuJ7HxBe3R6QLB3oIgwwxzjqIuhBBhwnF_-WKRl3mUopE158cl-OVeiq3xdoYd7cL4hZ_v6kNtksqcUe16gVNCmu5UgcpSXh6G9Owb0sd7ZARNzJutOofTKviTe929aNATvU17AvmY0y6xWEckMJer8EqcGppoLwb_tFUlN1eH0fDn3CM5VHzzMDhofn22iGgungGDVhny9PYfLhYAr0qmiCyOXr37P8MRIOEWp831ouRW3HMfNzY1yVZvkKep2qAAj1xoB1fCT4crSX5Cve2ag3Z4eTXuZUKoDQ0fSUqda4Z1KQYbKDtFrntaI86XmeZx2CFVidKSPY8pl2grTiKtrZ4II-AkB9P0GtCHajvm6M4Mf65VYxXPtRnp3A1riujG51WuvChTGnSTMtvbzIRy8xBVZQkbggBJov3Yg6nSnuWCJRQ3wUImhMzXNqyNNgZheBs3ncCjOxTorg0O4GvKHAdjNtL4lCFmYRqSVg1ku6hNMO6irWErcKpEgqfumcZg4bd6xSkMUiBfq2zyB8XGalEzYItb-HghiN9nRBjJiyjCX_6XshAyMr96ElRiOq8iX04Q9br2Xl6cM1AgQFxBj4HQ6SfJkRKwXL88GHRcJNsKyU5laz-_q8eDRGAsmfh60PDXZ_zdBO3ZkfjKPg0-DcxgVjPiRKfwFmUhTPoMW18AEPjt2ZdQrzMvPmhfObsYplH_zH7C-fglMEYEebcvmfrSsByugCcBBbxVDpx1SFZP1x67oqAK3-Li1RTC2Wm4lPSdRZJeny1T4ku8t3OU9ndTthfWgu9lMzBE6xy_ZQItyQROC3NBImkEXL1MEgnsQ_gFXgFp-497mLFmWhAnc-xkNu2X44Or4DWmeREs4h4i5QHC6pKtb2nxKl73esH-ZqYD4My37wxZnOqS40F8PwiAq1P9KbncN_WTmJoA5ZM_uebsPwZ-Avd9HA52z7xLsrcyiyj5hP6XGbNCkP1GatjEcOomgkufYzpDrN-ytFSYjlLmynBtulYAGeXy-vqB8DTrtWjtgdli0fCVEvav0cSYIRGhoVT6a0NjZK_OxmV2BontAZQVlwGGZfS3jR9PZ9RqY7tK7KbD4ki6nfTtYA5gSf3_IUOJ06wELo6uH51lgX_veIvKW3hPxaPWQgO-UJQVhNBERPAi429UaOsXf4k1x8kZwLzY__U8fG1kgBPvmTaJapki5Y45m7eiTWvd6GiJudDmli_5NPHkoV5iAKxq1gHovk6c2aPCNbNeBBG6YBP3fpQM3JG_bevcFaHuwK5AZ82FXA4jabong%3D%3D
200 OK 0 B URL HTTP/2 curvyalpaca.cc/click?a=Csxn&e=gAAAAABjuSLx-Iq6z5tJ5WlckI6Lwyfo9sig7OZGPzvRBxDUExjuR_25uoFPUyKVlD2rHpMgeE7p9590NudJlnCYp1Ukd9Ij73DsCyFIJwkRlZlC2SuvvSB1O6UCBclmDZRl9IInmrbxSeScn6VxGIRPjVSx4am7_IswJdrr-zpqy9pHjQ60uI5p843lWixM-J05P__IxkDy0gOmFgmAUft4vQe5LU9f6jFJFFyT-K8iblRqp6VsX1YovcYQwkFtcGpanVIvAFZtLQgIEdk7d5dk7A6jbA2CToyhVB69-yxpzxYulg4LbINgMF2fB5cIUsKZUPTPQ56rIATHi_wjEsqcxZW7xNuIJTHfR4ItsK8b9LAh--RxogbrnOpq5UcgbGDQtBCAQ_u7TsXhvljDeTP0TE6DIvzy7ouHxo8PUWxX78zCBIhlnhWt3-BFa0FHxbFzpMJqtpjlFB3GzQ3hLoItU2D2VJR9befGcCvVF8XUKvNKuFbG4ZB5Yl95eK8OCRgsbvFmKOZzGldv9E3nG-4gc_4Luoo5a6x5m-I7kVkQ1MUsfi88LkVwalwd9MRZzW8otfadEN7rWVmyhIpdhwEaIfHBHy26S7mzwb5UWKk2A5slTD8w5LiYGlCgqmx6RnAhkPUZsNtqN8Of1v1Sc9k2L1t2J7wC7SjiWVmsk0kNah1s1ntNX5rl6ylkS0QaRpmbU-VqKmhv1_tz57T5vHQW8SaPy9tjBRgG-hyPwzEGxVliTwuJZyP749CUf8cHSHc6zhfJ6W8IupvqL0CriCPY58sznWSy6IIQ_CHr12LnZ2K4Izr3AxEOikUUg5xHi_nl74W4M8I_bCqrryItTtFH6zI0P4-dxAbWDcqjwFW6VaD6gBOoACx68M_VIMrsOy5FwQ5ORZBtqqWRuJ7HxBe3R6QLB3oIgwwxzjqIuhBBhwnF_-WKRl3mUopE158cl-OVeiq3xdoYd7cL4hZ_v6kNtksqcUe16gVNCmu5UgcpSXh6G9Owb0sd7ZARNzJutOofTKviTe929aNATvU17AvmY0y6xWEckMJer8EqcGppoLwb_tFUlN1eH0fDn3CM5VHzzMDhofn22iGgungGDVhny9PYfLhYAr0qmiCyOXr37P8MRIOEWp831ouRW3HMfNzY1yVZvkKep2qAAj1xoB1fCT4crSX5Cve2ag3Z4eTXuZUKoDQ0fSUqda4Z1KQYbKDtFrntaI86XmeZx2CFVidKSPY8pl2grTiKtrZ4II-AkB9P0GtCHajvm6M4Mf65VYxXPtRnp3A1riujG51WuvChTGnSTMtvbzIRy8xBVZQkbggBJov3Yg6nSnuWCJRQ3wUImhMzXNqyNNgZheBs3ncCjOxTorg0O4GvKHAdjNtL4lCFmYRqSVg1ku6hNMO6irWErcKpEgqfumcZg4bd6xSkMUiBfq2zyB8XGalEzYItb-HghiN9nRBjJiyjCX_6XshAyMr96ElRiOq8iX04Q9br2Xl6cM1AgQFxBj4HQ6SfJkRKwXL88GHRcJNsKyU5laz-_q8eDRGAsmfh60PDXZ_zdBO3ZkfjKPg0-DcxgVjPiRKfwFmUhTPoMW18AEPjt2ZdQrzMvPmhfObsYplH_zH7C-fglMEYEebcvmfrSsByugCcBBbxVDpx1SFZP1x67oqAK3-Li1RTC2Wm4lPSdRZJeny1T4ku8t3OU9ndTthfWgu9lMzBE6xy_ZQItyQROC3NBImkEXL1MEgnsQ_gFXgFp-497mLFmWhAnc-xkNu2X44Or4DWmeREs4h4i5QHC6pKtb2nxKl73esH-ZqYD4My37wxZnOqS40F8PwiAq1P9KbncN_WTmJoA5ZM_uebsPwZ-Avd9HA52z7xLsrcyiyj5hP6XGbNCkP1GatjEcOomgkufYzpDrN-ytFSYjlLmynBtulYAGeXy-vqB8DTrtWjtgdli0fCVEvav0cSYIRGhoVT6a0NjZK_OxmV2BontAZQVlwGGZfS3jR9PZ9RqY7tK7KbD4ki6nfTtYA5gSf3_IUOJ06wELo6uH51lgX_veIvKW3hPxaPWQgO-UJQVhNBERPAi429UaOsXf4k1x8kZwLzY__U8fG1kgBPvmTaJapki5Y45m7eiTWvd6GiJudDmli_5NPHkoV5iAKxq1gHovk6c2aPCNbNeBBG6YBP3fpQM3JG_bevcFaHuwK5AZ82FXA4jabong%3D%3D
IP
ASN #24940 Hetzner Online GmbH
GET /click?a=Csxn&e=gAAAAABjuSLx-Iq6z5tJ5WlckI6Lwyfo9sig7OZGPzvRBxDUExjuR_25uoFPUyKVlD2rHpMgeE7p9590NudJlnCYp1Ukd9Ij73DsCyFIJwkRlZlC2SuvvSB1O6UCBclmDZRl9IInmrbxSeScn6VxGIRPjVSx4am7_IswJdrr-zpqy9pHjQ60uI5p843lWixM-J05P__IxkDy0gOmFgmAUft4vQe5LU9f6jFJFFyT-K8iblRqp6VsX1YovcYQwkFtcGpanVIvAFZtLQgIEdk7d5dk7A6jbA2CToyhVB69-yxpzxYulg4LbINgMF2fB5cIUsKZUPTPQ56rIATHi_wjEsqcxZW7xNuIJTHfR4ItsK8b9LAh--RxogbrnOpq5UcgbGDQtBCAQ_u7TsXhvljDeTP0TE6DIvzy7ouHxo8PUWxX78zCBIhlnhWt3-BFa0FHxbFzpMJqtpjlFB3GzQ3hLoItU2D2VJR9befGcCvVF8XUKvNKuFbG4ZB5Yl95eK8OCRgsbvFmKOZzGldv9E3nG-4gc_4Luoo5a6x5m-I7kVkQ1MUsfi88LkVwalwd9MRZzW8otfadEN7rWVmyhIpdhwEaIfHBHy26S7mzwb5UWKk2A5slTD8w5LiYGlCgqmx6RnAhkPUZsNtqN8Of1v1Sc9k2L1t2J7wC7SjiWVmsk0kNah1s1ntNX5rl6ylkS0QaRpmbU-VqKmhv1_tz57T5vHQW8SaPy9tjBRgG-hyPwzEGxVliTwuJZyP749CUf8cHSHc6zhfJ6W8IupvqL0CriCPY58sznWSy6IIQ_CHr12LnZ2K4Izr3AxEOikUUg5xHi_nl74W4M8I_bCqrryItTtFH6zI0P4-dxAbWDcqjwFW6VaD6gBOoACx68M_VIMrsOy5FwQ5ORZBtqqWRuJ7HxBe3R6QLB3oIgwwxzjqIuhBBhwnF_-WKRl3mUopE158cl-OVeiq3xdoYd7cL4hZ_v6kNtksqcUe16gVNCmu5UgcpSXh6G9Owb0sd7ZARNzJutOofTKviTe929aNATvU17AvmY0y6xWEckMJer8EqcGppoLwb_tFUlN1eH0fDn3CM5VHzzMDhofn22iGgungGDVhny9PYfLhYAr0qmiCyOXr37P8MRIOEWp831ouRW3HMfNzY1yVZvkKep2qAAj1xoB1fCT4crSX5Cve2ag3Z4eTXuZUKoDQ0fSUqda4Z1KQYbKDtFrntaI86XmeZx2CFVidKSPY8pl2grTiKtrZ4II-AkB9P0GtCHajvm6M4Mf65VYxXPtRnp3A1riujG51WuvChTGnSTMtvbzIRy8xBVZQkbggBJov3Yg6nSnuWCJRQ3wUImhMzXNqyNNgZheBs3ncCjOxTorg0O4GvKHAdjNtL4lCFmYRqSVg1ku6hNMO6irWErcKpEgqfumcZg4bd6xSkMUiBfq2zyB8XGalEzYItb-HghiN9nRBjJiyjCX_6XshAyMr96ElRiOq8iX04Q9br2Xl6cM1AgQFxBj4HQ6SfJkRKwXL88GHRcJNsKyU5laz-_q8eDRGAsmfh60PDXZ_zdBO3ZkfjKPg0-DcxgVjPiRKfwFmUhTPoMW18AEPjt2ZdQrzMvPmhfObsYplH_zH7C-fglMEYEebcvmfrSsByugCcBBbxVDpx1SFZP1x67oqAK3-Li1RTC2Wm4lPSdRZJeny1T4ku8t3OU9ndTthfWgu9lMzBE6xy_ZQItyQROC3NBImkEXL1MEgnsQ_gFXgFp-497mLFmWhAnc-xkNu2X44Or4DWmeREs4h4i5QHC6pKtb2nxKl73esH-ZqYD4My37wxZnOqS40F8PwiAq1P9KbncN_WTmJoA5ZM_uebsPwZ-Avd9HA52z7xLsrcyiyj5hP6XGbNCkP1GatjEcOomgkufYzpDrN-ytFSYjlLmynBtulYAGeXy-vqB8DTrtWjtgdli0fCVEvav0cSYIRGhoVT6a0NjZK_OxmV2BontAZQVlwGGZfS3jR9PZ9RqY7tK7KbD4ki6nfTtYA5gSf3_IUOJ06wELo6uH51lgX_veIvKW3hPxaPWQgO-UJQVhNBERPAi429UaOsXf4k1x8kZwLzY__U8fG1kgBPvmTaJapki5Y45m7eiTWvd6GiJudDmli_5NPHkoV5iAKxq1gHovk6c2aPCNbNeBBG6YBP3fpQM3JG_bevcFaHuwK5AZ82FXA4jabong%3D%3D HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.1
date: Sat, 07 Jan 2023 07:44:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 07 Jan 2023 07:44:51 GMT
date: Sat, 07 Jan 2023 07:44:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: application/xml
x-ms-request-id: e1ca045b-d01e-002d-7b6b-22a171000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 286
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120e8be50b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:47 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsXUzbuUF3s8%2FR5SESKkwrmuCZJLTxFNs8vAiqY80qyLXZPUMP7%2Ff053KH5wH%2FqBdRmmlSt5ByQRxGMvjbqIedJBwLJr1%2B%2Bg%2F8qgYn9meY%2BK4BmdKinVMfwjefWuY4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 785b11f9fc36b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
IP
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:50 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: e57a8ff5-101e-006f-366b-2218f1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b120caad80b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 178
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b1212da5fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_AD703FBE93E64830B275F1C120C6AE19&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1673077490366)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C202317744%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228657493532%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB155306D"
x-ms-request-id: ef96856b-501e-0041-3303-034ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 429108
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b12105d0e0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 07 Jan 2023 07:44:51 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 81
vary: Accept-Encoding
server: cloudflare
cf-ray: 785b1212da60b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
198.211.113.186
93.184.220.29
85.184.96.0
104.18.25.188
95.211.229.245
23.36.79.11
54.171.1.252
51.161.115.163
185.89.211.84
51.83.143.92