link88299.blogspot.com/
216.58.207.193 55 kB IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (474)
Hash 551948780ee575b74255f32fd8daa039
5601db863d9f9d74008937e70f74c049a3afbf2e
f7fce6d2f16a7dcbffdf9c4fcd914505a41ff1fa2075cefaedaf7274166adf19
GET / HTTP/1.1
Host: link88299.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Mon, 04 Dec 2023 05:11:35 GMT
date: Mon, 04 Dec 2023 05:11:35 GMT
cache-control: private, max-age=0
last-modified: Sun, 03 Dec 2023 13:35:16 GMT
etag: W/"db212ad7fc6d8bf74f3ded02fcee1c61018df5a903ab86990ff61a4e2afb3b87"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 54840
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
link88299.blogspot.com/js/cookienotice.js
216.58.207.193 2.0 kB URL link88299.blogspot.com/js/cookienotice.js
IP 216.58.207.193:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: link88299.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Mon, 04 Dec 2023 05:11:36 GMT
expires: Mon, 11 Dec 2023 05:11:36 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 01:49:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css
104.17.25.14 19 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65317)
Hash 8bb6644125ddeee7a27732e86f65fa05
686e3160cff3fb1be2de10779754b40f15948208
6752b9ba151a25703b2e5d17ad9ff42615f8940b591694fa8e42ab1034f476b5
GET /ajax/libs/font-awesome/6.2.1/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:36 GMT
content-type: text/css; charset=utf-8
content-length: 18716
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6373d4a6-491c"
last-modified: Tue, 15 Nov 2022 18:04:22 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 867243
expires: Sat, 23 Nov 2024 05:11:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7E3UDpYgsN5ulUJzlDI%2Bt%2FfLyOkXy1gqS1ioqjLqu6VTp2WFg06xhNcsTvMhLcOVvApWmKQkAPwh13HrzVNSD3G4xm9JaHM3Gd9fpQKll6pjMxyEudX813PnVIHZdTCQrtg5bB0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83018cb57ff6568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.42 34 kB URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:14:46 GMT
expires: Fri, 29 Nov 2024 05:14:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 345410
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3754116945-widgets.js
216.58.207.233 59 kB URL www.blogger.com/static/v1/widgets/3754116945-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2258)
Hash 0f3580b0033bbd151cdb647634be7404
4d8508ef28b0e50fa8c28ccaeb1f2a6855a75bdc
38d944d88c98612f76ed693afb143f1c032ca27ba56ec46a6714ab3dc511f974
GET /static/v1/widgets/3754116945-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 01:58:17 GMT
expires: Sat, 30 Nov 2024 01:58:17 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 23:28:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 270799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/webfonts/fa-brands-400.woff2
104.17.25.14 108 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/webfonts/fa-brands-400.woff2
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 107656, version 770.768\012- data
Size 108 kB (107656 bytes)
Hash e2f5b365c7d3d4497da73148ddfae997
b99813b3c531d8fe90aed3b75d2ed71f8e0c87f4
c61287c2fa9863b5fb5844c683a168ac6520c94d822bb43d5eae35c3a2a82166
GET /ajax/libs/font-awesome/6.2.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:11:36 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 107656
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6373d4a6-1a488"
last-modified: Tue, 15 Nov 2022 18:04:22 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 859317
expires: Sat, 23 Nov 2024 05:11:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3V89L0N1RwMkpCbKoQFcRyk2hBKABMNAWFo%2BnU1W11izSTEgkxm6ZNarLA0SdKtz40Xq2G1JHo9%2B8J%2BvVhr8zVfTiVeVqaOT%2FVBHgHp1%2FTmhhN%2FhbvT8NIYS93OB7TIwDPn%2FM0WM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83018cb6fdcab4fa-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/webfonts/fa-solid-900.woff2
104.17.25.14 150 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/webfonts/fa-solid-900.woff2
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 150516, version 770.768\012- data
Size 150 kB (150516 bytes)
Hash 328a9d0f59f0ebb55cddac6f39995bea
c0e6e76b4a02c34656ff2a41b671e02f2821829b
8f06540fd77f1effe1e2da8ea10cec4a382dda9cc6ef05d816e1d6de444072f2
GET /ajax/libs/font-awesome/6.2.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:11:36 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150516
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6373d4a6-24bf4"
last-modified: Tue, 15 Nov 2022 18:04:22 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 943069
expires: Sat, 23 Nov 2024 05:11:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCUHQwRQWg%2FwBKPgiouvR0WmazzK4A4ylAWEHHteYS%2FrzOG0S3WfvwqG1BRuCutQB4ntNIQl9Lbhfw1BoHvfWB6zRmSAfyCtqPjDWS2vk4JbJGydf9%2BmoCBVwfockaQykseOahTl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83018cb6fdcbb4fa-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
216.58.207.227 21 kB URL fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21304, version 1.0\012- data
Hash d8bc03a60729f4b05b42e057e21eaed3
51d1a6303f98e2426f5b300105fd9c04784f1395
0803fe007fad869e084745368c965e8d55f9be108559cfd8a3d802cde1fe34c1
GET /s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21304
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:46:49 GMT
expires: Fri, 29 Nov 2024 04:46:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jul 2019 19:21:15 GMT
content-type: font/woff2
age: 347087
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
216.58.207.227 21 kB URL fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21244, version 1.0\012- data
Hash 78773521b0ffe376bc7edd8ec2a591fb
298df2fcb48b2e9b51e81a6e12d5529835204e29
ca0b35aa0f48d8359e7fce9feec83f90ed60c0b857cdf29784f0803b70de4e55
GET /s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:03:35 GMT
expires: Fri, 29 Nov 2024 05:03:35 GMT
cache-control: public, max-age=31536000
age: 346081
last-modified: Mon, 22 Jul 2019 19:21:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
216.58.207.227 22 kB URL fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22336, version 1.0\012- data
Hash 2ecb426f85ffc1c53b677556210e629f
ad9850819763f79ddc8e1edb97609acbb5f1c28d
92bf2667e3434750097f9212feca904c5e7ac36d9155463d25d79f1415018219
GET /s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22336
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:24:07 GMT
expires: Fri, 29 Nov 2024 23:24:07 GMT
cache-control: public, max-age=31536000
age: 280049
last-modified: Mon, 22 Jul 2019 19:22:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5R8cVl4EbqwBLBFeOmhpqKjXvdtHLUM2A-ziApDPgn1AYYG1CLX-BcmkWzl-TtS6q6c3VsaN2iy1mWzqFdoloppTlNlJOXb82gomqy-_J0fTN6Q4d5ZF4_WaTOIv612K_GLuzToq8iX2gTEW7zOeYE6Q2Y-6AEJHwDX3n0LFXnfqWM8kixZD083Io1Fo/w72-h72-p-k-no-nu/aHR0cHM6Ly9pY2RuMDUuYmlnZnVjay50di9wb3Juc3Rhci84My83MWI1YTRlMTUzNDEyZDRhODU3MzhiMjg2NDMyYjlhNS5qcGc.webp
142.250.74.97 3.2 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5R8cVl4EbqwBLBFeOmhpqKjXvdtHLUM2A-ziApDPgn1AYYG1CLX-BcmkWzl-TtS6q6c3VsaN2iy1mWzqFdoloppTlNlJOXb82gomqy-_J0fTN6Q4d5ZF4_WaTOIv612K_GLuzToq8iX2gTEW7zOeYE6Q2Y-6AEJHwDX3n0LFXnfqWM8kixZD083Io1Fo/w72-h72-p-k-no-nu/aHR0cHM6Ly9pY2RuMDUuYmlnZnVjay50di9wb3Juc3Rhci84My83MWI1YTRlMTUzNDEyZDRhODU3MzhiMjg2NDMyYjlhNS5qcGc.webp
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 4fdf6572a92b8c6157934c3c949a4aa8
b04a67d5d34d0ce9b77a4cfcce12f819dff57798
f128dd4aab2676d9b01a2ab95fd83186cae38cfc6ff3a0e0af98c45041bb18cf
GET /img/b/R29vZ2xl/AVvXsEj5R8cVl4EbqwBLBFeOmhpqKjXvdtHLUM2A-ziApDPgn1AYYG1CLX-BcmkWzl-TtS6q6c3VsaN2iy1mWzqFdoloppTlNlJOXb82gomqy-_J0fTN6Q4d5ZF4_WaTOIv612K_GLuzToq8iX2gTEW7zOeYE6Q2Y-6AEJHwDX3n0LFXnfqWM8kixZD083Io1Fo/w72-h72-p-k-no-nu/aHR0cHM6Ly9pY2RuMDUuYmlnZnVjay50di9wb3Juc3Rhci84My83MWI1YTRlMTUzNDEyZDRhODU3MzhiMjg2NDMyYjlhNS5qcGc.webp HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v95"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="aHR0cHM6Ly9pY2RuMDUuYmlnZnVjay50di9wb3Juc3Rhci84My83MWI1YTRlMTUzNDEyZDRhODU3MzhiMjg2NDMyYjlhNS5qcGc.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 3206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiamrgQ15UgPa3uiNge6kWz1M2TLxkcfFHNUtjhq2o6l8uRMUmXS5JnjqXfBx8zbxmeNNpjCaKRf6F1XFsbcDLsgiY07MbjCce0QhpmdxgIcnTgFfIHYsh-q2hukQ34-DoZwK4DJsswFQzejAiMVbUxGqQwot1hxgQtV3GksHjiuVioQ87f7X22rSJgHXY/w72-h72-p-k-no-nu/whatsapp-logo-whatsapp-icon-logo-free-free-vector.jpg
142.250.74.97 2.7 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiamrgQ15UgPa3uiNge6kWz1M2TLxkcfFHNUtjhq2o6l8uRMUmXS5JnjqXfBx8zbxmeNNpjCaKRf6F1XFsbcDLsgiY07MbjCce0QhpmdxgIcnTgFfIHYsh-q2hukQ34-DoZwK4DJsswFQzejAiMVbUxGqQwot1hxgQtV3GksHjiuVioQ87f7X22rSJgHXY/w72-h72-p-k-no-nu/whatsapp-logo-whatsapp-icon-logo-free-free-vector.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash fb8d0bf7ec93e5406848bf61b5a273a7
5a2a9dad6a36e04b4c24b410de427ec911959bb0
ca0ee5b9f6de055da6d9da032db2cd3f33241f8de2aa4fd77d453dff2e519c9b
GET /img/b/R29vZ2xl/AVvXsEiamrgQ15UgPa3uiNge6kWz1M2TLxkcfFHNUtjhq2o6l8uRMUmXS5JnjqXfBx8zbxmeNNpjCaKRf6F1XFsbcDLsgiY07MbjCce0QhpmdxgIcnTgFfIHYsh-q2hukQ34-DoZwK4DJsswFQzejAiMVbUxGqQwot1hxgQtV3GksHjiuVioQ87f7X22rSJgHXY/w72-h72-p-k-no-nu/whatsapp-logo-whatsapp-icon-logo-free-free-vector.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v7f"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="whatsapp-logo-whatsapp-icon-logo-free-free-vector.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 2698
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUtXZZ7gWVUZewRZU21PyJTRtvaKdH6j_Dz7A8X4SxyF8HX29mAmT5SR6gq3IeQePwvh5_v6fdHw5puoQyLIenUAVspppTc6rrpm81-L-WVxnzG7ygxMVEg-Rs_ZRp6xEUsCMMNFeESN6b_cmf0pb60oFPCjgadHt_6yOJlDDuZzludIEcNbAIFc0wp4/w72-h72-p-k-no-nu/maxresdefault.jpg
142.250.74.97 4.4 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUtXZZ7gWVUZewRZU21PyJTRtvaKdH6j_Dz7A8X4SxyF8HX29mAmT5SR6gq3IeQePwvh5_v6fdHw5puoQyLIenUAVspppTc6rrpm81-L-WVxnzG7ygxMVEg-Rs_ZRp6xEUsCMMNFeESN6b_cmf0pb60oFPCjgadHt_6yOJlDDuZzludIEcNbAIFc0wp4/w72-h72-p-k-no-nu/maxresdefault.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash f5ff1d1678c57eecce46f74a44aa0d20
069afcc0313809b28a99d4c08b71249b94a3b8ad
2098a34771c4ae39106ba21313d3c9197b2cd27f80e7814c126fc9b519c152dd
GET /img/b/R29vZ2xl/AVvXsEiKUtXZZ7gWVUZewRZU21PyJTRtvaKdH6j_Dz7A8X4SxyF8HX29mAmT5SR6gq3IeQePwvh5_v6fdHw5puoQyLIenUAVspppTc6rrpm81-L-WVxnzG7ygxMVEg-Rs_ZRp6xEUsCMMNFeESN6b_cmf0pb60oFPCjgadHt_6yOJlDDuZzludIEcNbAIFc0wp4/w72-h72-p-k-no-nu/maxresdefault.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v79"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="maxresdefault.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 4405
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5iPh6asL4IWDMJMBv4C-x7pazC2EB7yXj3eZ44bOjeINIlOjerTKiX1l5dvZZ-lbiUlVZNJdoduCwSxEqiTW5vrSnq-oe39fQKbbOUo2_KFOE6Mde6f9Rse2IAH0BQ8O3a1lp0hv_7vMKzXhtOufHBmyMVNiwQVk_NrHnS3KCZIERYdizCU2H-pLI814/w72-h72-p-k-no-nu/hq720.jpg
142.250.74.97 4.0 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5iPh6asL4IWDMJMBv4C-x7pazC2EB7yXj3eZ44bOjeINIlOjerTKiX1l5dvZZ-lbiUlVZNJdoduCwSxEqiTW5vrSnq-oe39fQKbbOUo2_KFOE6Mde6f9Rse2IAH0BQ8O3a1lp0hv_7vMKzXhtOufHBmyMVNiwQVk_NrHnS3KCZIERYdizCU2H-pLI814/w72-h72-p-k-no-nu/hq720.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 21b402c122fb1fcd1e6f9fc8a2a5e5eb
be8f414171dc671d148781e75b949e1ba6ed93ca
d2e46895a4da040205c403b9718e68b20e67e8913b5579cc1d40fa54291a1c7c
GET /img/b/R29vZ2xl/AVvXsEj5iPh6asL4IWDMJMBv4C-x7pazC2EB7yXj3eZ44bOjeINIlOjerTKiX1l5dvZZ-lbiUlVZNJdoduCwSxEqiTW5vrSnq-oe39fQKbbOUo2_KFOE6Mde6f9Rse2IAH0BQ8O3a1lp0hv_7vMKzXhtOufHBmyMVNiwQVk_NrHnS3KCZIERYdizCU2H-pLI814/w72-h72-p-k-no-nu/hq720.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v90"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="hq720.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 4002
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pl21280278.toprevenuegate.com/32252227e406b8b29c64a63d8b4432f2/invoke.js
173.233.137.52 9.3 kB URL pl21280278.toprevenuegate.com/32252227e406b8b29c64a63d8b4432f2/invoke.js
IP 173.233.137.52:0
File type Unicode text, UTF-8 text, with very long lines (25083), with no line terminators
Hash 879c3683102f4ba3e1f3950726d88b19
4ffc6fd3d5cc1290f73d72a24c8ae7cd9ff9c8b2
03b95bd7093d85f17fb6b7ce07e857d06862017cf2d61f6eb2ce675f78f3bbef
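Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-resolver verdict on the host pl21280278.toprevenuegate.com, not a content scan of invoke.js; the capture below still shows a 200 response from 173.233.137.52, so this fetch was presumably not resolved through Quad9)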
GET /32252227e406b8b29c64a63d8b4432f2/invoke.js HTTP/1.1
Host: pl21280278.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 085b3ecb94d1197ab3363c1ef5b998e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs_297ZB19_ksDZHe4dzAEjMY7zTDTAQNNj-AIhimIEOoUJSGOu8K5-NYiQEAp8acTDFSJcKT59UzfMa08hoMckCQG1jXKI_-2FsoI8UnsZ6PuHyzcpF-n_TeKRoJVXmm8M1ChTlvT-MJxz510Uz4ylE3Z2c606dn6Vn2TYT9OcyZ3RvhVMPC0X2LAZEk/w72-h72-p-k-no-nu/401639426_360257466566566_4178495800707901890_n.jpg
142.250.74.97 3.1 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs_297ZB19_ksDZHe4dzAEjMY7zTDTAQNNj-AIhimIEOoUJSGOu8K5-NYiQEAp8acTDFSJcKT59UzfMa08hoMckCQG1jXKI_-2FsoI8UnsZ6PuHyzcpF-n_TeKRoJVXmm8M1ChTlvT-MJxz510Uz4ylE3Z2c606dn6Vn2TYT9OcyZ3RvhVMPC0X2LAZEk/w72-h72-p-k-no-nu/401639426_360257466566566_4178495800707901890_n.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 350875710a21e203acfbd988624eaf69
92173a8b2639dd2e111cb5f0a3933309cda917dc
0780c85c1bdda7fbadfdcc3eb18f8da580a3b13d2dd545e557ee328f49d65c78
GET /img/b/R29vZ2xl/AVvXsEgs_297ZB19_ksDZHe4dzAEjMY7zTDTAQNNj-AIhimIEOoUJSGOu8K5-NYiQEAp8acTDFSJcKT59UzfMa08hoMckCQG1jXKI_-2FsoI8UnsZ6PuHyzcpF-n_TeKRoJVXmm8M1ChTlvT-MJxz510Uz4ylE3Z2c606dn6Vn2TYT9OcyZ3RvhVMPC0X2LAZEk/w72-h72-p-k-no-nu/401639426_360257466566566_4178495800707901890_n.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v7b"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="401639426_360257466566566_4178495800707901890_n.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 3104
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgU0AgxgqF_1dQKQmuW2-uc2zWr2TLSSkGbeNVx4FlVzpSgkMA02xk9Hz4iq1EoJRsvVhqJg2HxxDuUrVlorfmeANXfQmvtU0wbm0I1CjF8XSyVkwouEMZ47I6TbwABuzxu2rafEsQPlH8S4Zky2DF9Lcj67v0Gza7aIzZbnyadiKu_CXOgPUvZ02fY8C0=s179
142.250.74.97 8.5 kB URL blogger.googleusercontent.com/img/a/AVvXsEgU0AgxgqF_1dQKQmuW2-uc2zWr2TLSSkGbeNVx4FlVzpSgkMA02xk9Hz4iq1EoJRsvVhqJg2HxxDuUrVlorfmeANXfQmvtU0wbm0I1CjF8XSyVkwouEMZ47I6TbwABuzxu2rafEsQPlH8S4Zky2DF9Lcj67v0Gza7aIzZbnyadiKu_CXOgPUvZ02fY8C0=s179
IP 142.250.74.97:0
File type PNG image data, 150 x 179, 8-bit/color RGBA, non-interlaced\012- data
Hash 6660d6a2966ca591e3d9d29ab0ba7ebc
8f1390ee74aa4b91831fb354712d958b46a879ea
fe53989aa3bf032a494655132175e7ed3949d91fa72f063b122f259d2868e575
GET /img/a/AVvXsEgU0AgxgqF_1dQKQmuW2-uc2zWr2TLSSkGbeNVx4FlVzpSgkMA02xk9Hz4iq1EoJRsvVhqJg2HxxDuUrVlorfmeANXfQmvtU0wbm0I1CjF8XSyVkwouEMZ47I6TbwABuzxu2rafEsQPlH8S4Zky2DF9Lcj67v0Gza7aIzZbnyadiKu_CXOgPUvZ02fY8C0=s179 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v85"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="hands-click-png-icon-5.png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 8450
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJV4-L3SmEppvsPoNDC-wlPmqiXvcRgAGhvkxrmEt9buGAktv5HNPExNHgeBdAJoSdF8xVUnQgZXdWpK59L_QUuYFV_B-0Q8kbLVYeTfK5Uh2kSBmLSXy4iIstZ0_JXmFUvsU5cIyIRN-riMDQOoHKrnT0-HsDFTBzEy3GqlG0E0_yyBKm3iQZ1yNguV0/w72-h72-p-k-no-nu/Ullu-web-serie.png
142.250.74.97 3.6 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJV4-L3SmEppvsPoNDC-wlPmqiXvcRgAGhvkxrmEt9buGAktv5HNPExNHgeBdAJoSdF8xVUnQgZXdWpK59L_QUuYFV_B-0Q8kbLVYeTfK5Uh2kSBmLSXy4iIstZ0_JXmFUvsU5cIyIRN-riMDQOoHKrnT0-HsDFTBzEy3GqlG0E0_yyBKm3iQZ1yNguV0/w72-h72-p-k-no-nu/Ullu-web-serie.png
IP 142.250.74.97:0
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash 97ced2048fa86a5ef83d6a380d5519d4
0697a61e77136cf58d406420878236883909168a
58a8baff231a9a45313282bb76cf40adb97b564051d4c75f8dd7aec577294c1c
GET /img/b/R29vZ2xl/AVvXsEgJV4-L3SmEppvsPoNDC-wlPmqiXvcRgAGhvkxrmEt9buGAktv5HNPExNHgeBdAJoSdF8xVUnQgZXdWpK59L_QUuYFV_B-0Q8kbLVYeTfK5Uh2kSBmLSXy4iIstZ0_JXmFUvsU5cIyIRN-riMDQOoHKrnT0-HsDFTBzEy3GqlG0E0_yyBKm3iQZ1yNguV0/w72-h72-p-k-no-nu/Ullu-web-serie.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v71"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Ullu-web-serie.png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 3627
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEhuF5_GpY0xCU58rkpp2BvJ2EGXvvd1d18A4G7Ilmv9g6MHplE1_wbTFJtr3HS_meLRWSR6J_N0XHUgWVzMC18Jq1X8vXbffbya9iY0x2qKOYMvRw_KOmLs0Rcoejl2H_u13UDvuY7bjxv5YhcF9pmPrQEs4tmaNjgoUphHoUTicdjcJr1lLn7nDc2etcI=s179
142.250.74.97 8.5 kB URL blogger.googleusercontent.com/img/a/AVvXsEhuF5_GpY0xCU58rkpp2BvJ2EGXvvd1d18A4G7Ilmv9g6MHplE1_wbTFJtr3HS_meLRWSR6J_N0XHUgWVzMC18Jq1X8vXbffbya9iY0x2qKOYMvRw_KOmLs0Rcoejl2H_u13UDvuY7bjxv5YhcF9pmPrQEs4tmaNjgoUphHoUTicdjcJr1lLn7nDc2etcI=s179
IP 142.250.74.97:0
File type PNG image data, 150 x 179, 8-bit/color RGBA, non-interlaced\012- data
Hash 6660d6a2966ca591e3d9d29ab0ba7ebc
8f1390ee74aa4b91831fb354712d958b46a879ea
fe53989aa3bf032a494655132175e7ed3949d91fa72f063b122f259d2868e575
GET /img/a/AVvXsEhuF5_GpY0xCU58rkpp2BvJ2EGXvvd1d18A4G7Ilmv9g6MHplE1_wbTFJtr3HS_meLRWSR6J_N0XHUgWVzMC18Jq1X8vXbffbya9iY0x2qKOYMvRw_KOmLs0Rcoejl2H_u13UDvuY7bjxv5YhcF9pmPrQEs4tmaNjgoUphHoUTicdjcJr1lLn7nDc2etcI=s179 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v86"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="hands-click-png-icon-5.png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 8450
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.topcreativeformat.com/c86fc4ac5a6019f084a2491f809aca12/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/c86fc4ac5a6019f084a2491f809aca12/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash MD5 d0b10af7e6a239361b6b1c0f6463d476
SHA-1 be5d1c62d902f6a0a3d99f3c15311a97af10ac6c
SHA-256 ee7e6ea218aeb978df22d12f53f5657446dec1b1cb080c183cef48acc730172c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /c86fc4ac5a6019f084a2491f809aca12/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 778a3c9cdb2407396aac95827f07b427
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCmogRqGIHNcCLl4QeMvabv-OqlsutjM1SSzOt8qAILooTG1aL2ALiHjvvoX0zoheO-viAuPsz1uC55ws2Uk3rIbCG1LcWCVeplVXovZLG95KbpGdlbODOxlvpKe4X8LXTReM1lYSarUOPUDdxKqHZmW3jK4JTODAFtB7XtvafdIUFHC4mWG06qhV1j0Q/w72-h72-p-k-no-nu/112854-ULLU-logo.jpg
142.250.74.97 2.5 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCmogRqGIHNcCLl4QeMvabv-OqlsutjM1SSzOt8qAILooTG1aL2ALiHjvvoX0zoheO-viAuPsz1uC55ws2Uk3rIbCG1LcWCVeplVXovZLG95KbpGdlbODOxlvpKe4X8LXTReM1lYSarUOPUDdxKqHZmW3jK4JTODAFtB7XtvafdIUFHC4mWG06qhV1j0Q/w72-h72-p-k-no-nu/112854-ULLU-logo.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 9f04c19c1050bf121e962c7639566ec1
8c390ce927c113841ef6fba703af3a7c7cddcb15
57cfe108ff6bf884b4772ce2c98b6415c77400330e689d3feb3290dadb37f45a
GET /img/b/R29vZ2xl/AVvXsEiCmogRqGIHNcCLl4QeMvabv-OqlsutjM1SSzOt8qAILooTG1aL2ALiHjvvoX0zoheO-viAuPsz1uC55ws2Uk3rIbCG1LcWCVeplVXovZLG95KbpGdlbODOxlvpKe4X8LXTReM1lYSarUOPUDdxKqHZmW3jK4JTODAFtB7XtvafdIUFHC4mWG06qhV1j0Q/w72-h72-p-k-no-nu/112854-ULLU-logo.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v73"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="112854-ULLU-logo.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 2482
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pl21280141.toprevenuegate.com/43/be/75/43be758bed6ab0d513f8a46444f19559.js
173.233.139.164 16 kB URL pl21280141.toprevenuegate.com/43/be/75/43be758bed6ab0d513f8a46444f19559.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (42835), with no line terminators
Hash MD5 f3ae1e41642f133c1956665dba721e41
SHA-1 885ce3906188cfd684c5d9516ba98b2c67595a63
SHA-256 e3289cccc726c4504a322e38c5c4cf635b3cb18b4af2363fb76f211cf2145b98
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /43/be/75/43be758bed6ab0d513f8a46444f19559.js HTTP/1.1
Host: pl21280141.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28e7487b98c5c6869b71b07357a86efb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmMPLs8ZmX69ioyFZ0PgktF7NRCauQ8kQ09ZaY4zbphiNh5E3X133xSIlATSMMNM1vp9Q2v-sv7HohJvMC2cgfKv1-UoaAAwBV5MZmElo7Jdi6iCiVWC3jvTF8SmnfYu-70invJRkhX5CI9IPC5GsGH8EZIZUOXXjn4V8IekDhadXrzlYKdp1tPoUIWnk/w72-h72-p-k-no-nu/pngtree-lip-sexual-sexy-png-image_2326756.jpg
142.250.74.97 3.0 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmMPLs8ZmX69ioyFZ0PgktF7NRCauQ8kQ09ZaY4zbphiNh5E3X133xSIlATSMMNM1vp9Q2v-sv7HohJvMC2cgfKv1-UoaAAwBV5MZmElo7Jdi6iCiVWC3jvTF8SmnfYu-70invJRkhX5CI9IPC5GsGH8EZIZUOXXjn4V8IekDhadXrzlYKdp1tPoUIWnk/w72-h72-p-k-no-nu/pngtree-lip-sexual-sexy-png-image_2326756.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 51ae97b3d4bf60c46f4527ab6b2979e4
b2b967a197a527f38e01c914c5593f14b6642241
bec9c7538a1bdc74fd2f98d7f2a9f627c0c995e43c50f6f8b7f086422cc739cf
GET /img/b/R29vZ2xl/AVvXsEjmMPLs8ZmX69ioyFZ0PgktF7NRCauQ8kQ09ZaY4zbphiNh5E3X133xSIlATSMMNM1vp9Q2v-sv7HohJvMC2cgfKv1-UoaAAwBV5MZmElo7Jdi6iCiVWC3jvTF8SmnfYu-70invJRkhX5CI9IPC5GsGH8EZIZUOXXjn4V8IekDhadXrzlYKdp1tPoUIWnk/w72-h72-p-k-no-nu/pngtree-lip-sexual-sexy-png-image_2326756.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v59"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pngtree-lip-sexual-sexy-png-image_2326756.jpg"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 2959
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTKseLuNKxotIM0LTAERDBYbXl3WvFr99iQNnLr1TruWPbNnlYu3fLM5octUqnQujLopCZVyPgNv4byUKxN7-9brfjH_oZjmr7hgUA46zH4i7tmUX746tGVCgwBb82ZDRSBiOSW4H0gz2SJK08bLgEGm3XHmOMn_aSeFJYHUPGrWl6SLqvWPWMr-bt2OA/w72-h72-p-k-no-nu/images%20(1).png
142.250.74.97 1.1 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTKseLuNKxotIM0LTAERDBYbXl3WvFr99iQNnLr1TruWPbNnlYu3fLM5octUqnQujLopCZVyPgNv4byUKxN7-9brfjH_oZjmr7hgUA46zH4i7tmUX746tGVCgwBb82ZDRSBiOSW4H0gz2SJK08bLgEGm3XHmOMn_aSeFJYHUPGrWl6SLqvWPWMr-bt2OA/w72-h72-p-k-no-nu/images%20(1).png
IP 142.250.74.97:0
File type PNG image data, 72 x 72, 8-bit colormap, non-interlaced\012- data
Hash 76431aaf3ad6070741e815ac9ddbcb7d
125fd15319a4a1a5a9136474f834525a48866fab
343884d28439d90db8f966435e2379dbb9bb70dc7f66464ebbc1b03b779111a4
GET /img/b/R29vZ2xl/AVvXsEiTKseLuNKxotIM0LTAERDBYbXl3WvFr99iQNnLr1TruWPbNnlYu3fLM5octUqnQujLopCZVyPgNv4byUKxN7-9brfjH_oZjmr7hgUA46zH4i7tmUX746tGVCgwBb82ZDRSBiOSW4H0gz2SJK08bLgEGm3XHmOMn_aSeFJYHUPGrWl6SLqvWPWMr-bt2OA/w72-h72-p-k-no-nu/images%20(1).png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v51"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="images (1).png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 1050
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO6o1dx9T96meGSr8zNC8_7Xrx6nIiGZUp_ixqht18CrJaZP4qfaa2-P_9qBG_lyUmGtPdEBng3BOY2c85NMVtoTwb6HEcVz-gYhpZI_pkY1JQJ1N27XYmUm6GFTA0a11qfb0wubveZ7vsb8IS_6VAVUeFOFEXlixwo9nfTspNznVDk902pZa8sCqSg1o/w72-h72-p-k-no-nu/Video-Player-PNG-Image-File.png
142.250.74.97 1.9 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO6o1dx9T96meGSr8zNC8_7Xrx6nIiGZUp_ixqht18CrJaZP4qfaa2-P_9qBG_lyUmGtPdEBng3BOY2c85NMVtoTwb6HEcVz-gYhpZI_pkY1JQJ1N27XYmUm6GFTA0a11qfb0wubveZ7vsb8IS_6VAVUeFOFEXlixwo9nfTspNznVDk902pZa8sCqSg1o/w72-h72-p-k-no-nu/Video-Player-PNG-Image-File.png
IP 142.250.74.97:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash c87e6009e6d622a8919d710278e26fca
2797ad6f41c97745d5259baf0c31790ea77152e3
4ccbfd9efc669a8e2f5b1dd201f257aede96d95eba4a937b67004234242f8eea
GET /img/b/R29vZ2xl/AVvXsEiO6o1dx9T96meGSr8zNC8_7Xrx6nIiGZUp_ixqht18CrJaZP4qfaa2-P_9qBG_lyUmGtPdEBng3BOY2c85NMVtoTwb6HEcVz-gYhpZI_pkY1JQJ1N27XYmUm6GFTA0a11qfb0wubveZ7vsb8IS_6VAVUeFOFEXlixwo9nfTspNznVDk902pZa8sCqSg1o/w72-h72-p-k-no-nu/Video-Player-PNG-Image-File.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v5b"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Video-Player-PNG-Image-File.png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 1894
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizugc5pn6wcMFcHtFk_WaTvE1IZdy6k2oXCyitxSy5lbl-5ws13_b26l35CQmd7ESpWud-ySGGmaZ9f2CJErUFX7JdPtjvSSbwy0bg2A6RFI0iLkiGMgh-_2FHu4G5ymAgIVGgwAUSxY4cCs9FFrv5jLND8w1kVxnJphLjzFoHhLSh4tsm_Lv29WG5J3s/w72-h72-p-k-no-nu/357-3570707_logo-sexy-words-transparent.png
142.250.74.97 1.4 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizugc5pn6wcMFcHtFk_WaTvE1IZdy6k2oXCyitxSy5lbl-5ws13_b26l35CQmd7ESpWud-ySGGmaZ9f2CJErUFX7JdPtjvSSbwy0bg2A6RFI0iLkiGMgh-_2FHu4G5ymAgIVGgwAUSxY4cCs9FFrv5jLND8w1kVxnJphLjzFoHhLSh4tsm_Lv29WG5J3s/w72-h72-p-k-no-nu/357-3570707_logo-sexy-words-transparent.png
IP 142.250.74.97:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash e6dcf6f67a789eb7bdbf8640e223c563
90a62f7282502f1488677c8d263dfbe58ad09790
acdab11c8ce4968055ccbd24894ab36b5b01fc0445e828e5959bd7dc518a1f98
GET /img/b/R29vZ2xl/AVvXsEizugc5pn6wcMFcHtFk_WaTvE1IZdy6k2oXCyitxSy5lbl-5ws13_b26l35CQmd7ESpWud-ySGGmaZ9f2CJErUFX7JdPtjvSSbwy0bg2A6RFI0iLkiGMgh-_2FHu4G5ymAgIVGgwAUSxY4cCs9FFrv5jLND8w1kVxnJphLjzFoHhLSh4tsm_Lv29WG5J3s/w72-h72-p-k-no-nu/357-3570707_logo-sexy-words-transparent.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v61"
expires: Tue, 05 Dec 2023 05:11:37 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="357-3570707_logo-sexy-words-transparent.png"
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 05:11:37 GMT
server: fife
content-length: 1424
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
216.58.207.227 21 kB URL fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21244, version 1.0\012- data
Hash 78773521b0ffe376bc7edd8ec2a591fb
298df2fcb48b2e9b51e81a6e12d5529835204e29
ca0b35aa0f48d8359e7fce9feec83f90ed60c0b857cdf29784f0803b70de4e55
GET /s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:03:35 GMT
expires: Fri, 29 Nov 2024 05:03:35 GMT
cache-control: public, max-age=31536000
age: 346083
last-modified: Mon, 22 Jul 2019 19:21:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
216.58.207.227 22 kB URL fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22336, version 1.0\012- data
Hash 2ecb426f85ffc1c53b677556210e629f
ad9850819763f79ddc8e1edb97609acbb5f1c28d
92bf2667e3434750097f9212feca904c5e7ac36d9155463d25d79f1415018219
GET /s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22336
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:24:07 GMT
expires: Fri, 29 Nov 2024 23:24:07 GMT
cache-control: public, max-age=31536000
age: 280051
last-modified: Mon, 22 Jul 2019 19:22:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
216.58.207.227 21 kB URL fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21304, version 1.0\012- data
Hash d8bc03a60729f4b05b42e057e21eaed3
51d1a6303f98e2426f5b300105fd9c04784f1395
0803fe007fad869e084745368c965e8d55f9be108559cfd8a3d802cde1fe34c1
GET /s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21304
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:46:49 GMT
expires: Fri, 29 Nov 2024 04:46:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jul 2019 19:21:15 GMT
content-type: font/woff2
age: 347089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.topcreativeformat.com/c86fc4ac5a6019f084a2491f809aca12/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/c86fc4ac5a6019f084a2491f809aca12/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29613), with no line terminators
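Hash MD5 4d28f7d9ee2ab445930aebd6aec16da8
SHA-1 daa0e6cd6bd9f18e54f7fae7552c162abf8ca2c8
SHA-256 1e580a12100d27179d01b90361d86727d69d0caad6821f55aff6b0a63d892ed3
Note: this is the same URL as the earlier invoke.js fetch, but the digests and the reported line length differ, so the body apparently varies between requests; the host and path are more stable matching keys than these hashes.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed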
GET /c86fc4ac5a6019f084a2491f809aca12/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac5430752c2c5c79267a6971f178da13
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 04 Dec 2023 05:11:38 GMT
Last-Modified: Mon, 04 Dec 2023 03:41:50 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YO0qlUgPOTi4XniT92q4LSY80kvW8eavd9wsnooZtPzdHCKNCzcH8Q==
Age: 5389
proftrafficcounter.com/stats
18.157.203.0 40 B URL proftrafficcounter.com/stats
IP 18.157.203.0:0
File type ASCII text, with no line terminators
Hash aa7da26aad3d4e1e26518fc4696ed007
41703a61ddfd6dd262d3b59a91716d0a180813f0
8276b40b378447114eb52bc070164477d9642b62edc6a9de9278265d89c90c62
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://link88299.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=71858e16-2e52-46fd-9ac1-20039d4fe1e3:3:1; expires=Thu, 01 Dec 2033 05:11:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.157.203.0 40 B URL proftrafficcounter.com/stats
IP 18.157.203.0:0
File type ASCII text, with no line terminators
Hash 42e54c12d054a52c39336029d1dcfd5c
d44073c6464a61e0808b49b406f26e3fc5017fa7
92606c6edbd1438a254ff49c99acb898e112137aaf058d6f29bd29dfb5619fb1
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://link88299.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Thu, 01 Dec 2033 05:11:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.topcreativeformat.com/45347d2f719cbf9347c9b84c38fe0236/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/45347d2f719cbf9347c9b84c38fe0236/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29631), with no line terminators
Hash MD5 0da29fde2f1114b395dc60098301055b
SHA-1 9c3696946906d3a7c95cbb0a685358e0582c760d
SHA-256 8f3f22e8d22706cd546dd7e79618a4a680654fe7efa71ccdd1f4cfdcd0aacca1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /45347d2f719cbf9347c9b84c38fe0236/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5b01b9ab8dcb7140b2ce8f7b8f92e099
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiofficerdemote.com/watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1
173.233.139.164 0 B URL skiofficerdemote.com/watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1
IP 173.233.139.164:0
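Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of zero-length input (the body is 0 B; the response is a 307 redirect with Content-Length: 0), so they identify no payload and are not usable as indicators.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed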
GET /watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://skiofficerdemote.com/watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1&shu=21a461d07231681df7228a99bbf36fe682864add1507cdd1f9bd887fe9a10742e09df9b1ce8e7f6dd6eba4ac6e60038983c4f74cc460384cc8f0d9067739b6ccad1480030018020abf58f605bace15f4a2a00e17862aea95be2f1f389fda8f7d&pst=1701666759&rmtc=t
Set-Cookie: u_pl=21320299; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTMyMDI5OSwiayI6ImM4NmZjNGFjNWE2MDE5ZjA4NGEyNDkxZjgwOWFjYTEyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjE2NjIwLCJwaWQiOjEzODQ5MzYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6InUydGtjMndieTEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9saW5rODgyOTkuYmxvZ3Nwb3QuY29tLyIsImFyIjpbXX19.Q6ksTh4ZRAZjwAvPbnFYB7pZo0vh22axoFfq5qMKT3g; expires=Mon, 04 Dec 2023 05:12:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c153897867b519c09ef1ea79c4ed746d
Strict-Transport-Security: max-age=0; includeSubdomains
landmarkfootnotary.com/watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
173.233.137.44 0 B URL landmarkfootnotary.com/watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
IP 173.233.137.44:0
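Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B size recorded for this 307 redirect; they do not identify any content and are not usable as indicators.)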
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1 HTTP/1.1
Host: landmarkfootnotary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://landmarkfootnotary.com/watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=c9484e83caa93169f60e8bec600e914ddb881f4e035572742e5adca1688ae00b3917cdfc03510ebd4739f9491d5c89d61b62ae90c0564989b86dbb350cdfe03bef0a344ace62bfbc29fd3844e803fc41726c626a85dbbca2c7de0e99f477a8&pst=1701666759&rmtc=t
Set-Cookie: u_pl=21320299; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q6ksTh4ZRAZjwAvPbnFYB7pZo0vh22axoFfq5qMKT3g; expires=Mon, 04 Dec 2023 05:12:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa780b13d1460e366bf56d9bd7cd9ae1
Strict-Transport-Security: max-age=0; includeSubdomains
pronedynastyimpertinence.com/watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
173.233.137.44 0 B URL pronedynastyimpertinence.com/watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
IP 173.233.137.44:0
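Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B size recorded for this 307 redirect; they do not identify any content and are not usable as indicators.)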
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1 HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://pronedynastyimpertinence.com/watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=72206f5c01576ff16f1f42dcb9c04f1cf5de88f320b02bb1bd99dc8e91fc699d54ef30fceb5f1fa46e4b41c5c49c890e6760915f5b5e2b3a130ec3c26bde943142caf560b8617c663b01be2f38aafcf1fa26f89803402304569849ced9b98f5d&pst=1701666759&rmtc=t
Set-Cookie: u_pl=21179843; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.FM8aHMMlzO-fB0maIfGKhDpstDNN0GU2AObs63fEdIE; expires=Mon, 04 Dec 2023 05:12:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97b5ff867804c8d6ce5f9451fc39bf00
Strict-Transport-Security: max-age=0; includeSubdomains
www.highcpmcreativeformat.com/6ee4b9e1aa28949d467fff8f39cd56d3/invoke.js
173.233.137.52 11 kB URL www.highcpmcreativeformat.com/6ee4b9e1aa28949d467fff8f39cd56d3/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Hash 2ef6574313c6d9f09f07feada774ab21
ff8b6bb8fb8759a645b26d0e9b55f08c20417bb5
d37ac1ba0a6e2f285b3721a2ea8ea31d4bc6b6802397aec61ec38c8f2d5404c4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /6ee4b9e1aa28949d467fff8f39cd56d3/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: edae65ec0b1d17aa53e3f7992c53392e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiofficerdemote.com/watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1&shu=21a461d07231681df7228a99bbf36fe682864add1507cdd1f9bd887fe9a10742e09df9b1ce8e7f6dd6eba4ac6e60038983c4f74cc460384cc8f0d9067739b6ccad1480030018020abf58f605bace15f4a2a00e17862aea95be2f1f389fda8f7d&pst=1701666759&rmtc=t
173.233.139.164 643 B URL skiofficerdemote.com/watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1&shu=21a461d07231681df7228a99bbf36fe682864add1507cdd1f9bd887fe9a10742e09df9b1ce8e7f6dd6eba4ac6e60038983c4f74cc460384cc8f0d9067739b6ccad1480030018020abf58f605bace15f4a2a00e17862aea95be2f1f389fda8f7d&pst=1701666759&rmtc=t
IP 173.233.139.164:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash 00ce631b0a503c553653fcc7f22277ab
9af55620ef95284481a8a7662f9670819583278f
f7fcd454876b9ba0a9b4ef4c9778bbcc04f2e830350e483c8c8e1addd9e4eaf4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1422976205540.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=71858e16-2e52-46fd-9ac1-20039d4fe1e3%3A3%3A1&shu=21a461d07231681df7228a99bbf36fe682864add1507cdd1f9bd887fe9a10742e09df9b1ce8e7f6dd6eba4ac6e60038983c4f74cc460384cc8f0d9067739b6ccad1480030018020abf58f605bace15f4a2a00e17862aea95be2f1f389fda8f7d&pst=1701666759&rmtc=t HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
Referer: https://link88299.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21320299; ain=eyJhbGciOiJIUzI1NiJ9.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.Q6ksTh4ZRAZjwAvPbnFYB7pZo0vh22axoFfq5qMKT3g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=71858e16-2e52-46fd-9ac1-20039d4fe1e3:3:1; expires=Mon, 11 Dec 2023 05:11:39 GMT; secure; SameSite=None
iprcba09d8fde6fdb593f4db81e2524b4e0c=2717343; expires=Tue, 05 Dec 2023 07:11:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 809470eb67d5cd7a6fbfa82ae68feeb7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
landmarkfootnotary.com/watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=c9484e83caa93169f60e8bec600e914ddb881f4e035572742e5adca1688ae00b3917cdfc03510ebd4739f9491d5c89d61b62ae90c0564989b86dbb350cdfe03bef0a344ace62bfbc29fd3844e803fc41726c626a85dbbca2c7de0e99f477a8&pst=1701666759&rmtc=t
173.233.137.44 643 B URL landmarkfootnotary.com/watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=c9484e83caa93169f60e8bec600e914ddb881f4e035572742e5adca1688ae00b3917cdfc03510ebd4739f9491d5c89d61b62ae90c0564989b86dbb350cdfe03bef0a344ace62bfbc29fd3844e803fc41726c626a85dbbca2c7de0e99f477a8&pst=1701666759&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash 00ce631b0a503c553653fcc7f22277ab
9af55620ef95284481a8a7662f9670819583278f
f7fcd454876b9ba0a9b4ef4c9778bbcc04f2e830350e483c8c8e1addd9e4eaf4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1449416497536.js?key=c86fc4ac5a6019f084a2491f809aca12&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=c9484e83caa93169f60e8bec600e914ddb881f4e035572742e5adca1688ae00b3917cdfc03510ebd4739f9491d5c89d61b62ae90c0564989b86dbb350cdfe03bef0a344ace62bfbc29fd3844e803fc41726c626a85dbbca2c7de0e99f477a8&pst=1701666759&rmtc=t HTTP/1.1
Host: landmarkfootnotary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
Referer: https://link88299.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21320299; ain=eyJhbGciOiJIUzI1NiJ9.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.Q6ksTh4ZRAZjwAvPbnFYB7pZo0vh22axoFfq5qMKT3g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:39 GMT; secure; SameSite=None
iprcba09d8fde6fdb593f4db81e2524b4e0c=2717343; expires=Tue, 05 Dec 2023 07:11:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6251cf18b06754994f532bf6365dc011
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pronedynastyimpertinence.com/watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=72206f5c01576ff16f1f42dcb9c04f1cf5de88f320b02bb1bd99dc8e91fc699d54ef30fceb5f1fa46e4b41c5c49c890e6760915f5b5e2b3a130ec3c26bde943142caf560b8617c663b01be2f38aafcf1fa26f89803402304569849ced9b98f5d&pst=1701666759&rmtc=t
173.233.137.44 2.1 kB URL pronedynastyimpertinence.com/watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=72206f5c01576ff16f1f42dcb9c04f1cf5de88f320b02bb1bd99dc8e91fc699d54ef30fceb5f1fa46e4b41c5c49c890e6760915f5b5e2b3a130ec3c26bde943142caf560b8617c663b01be2f38aafcf1fa26f89803402304569849ced9b98f5d&pst=1701666759&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2668)
Hash 5752fe53dbb25a52f5c4a66f977c0be2
3378270d5e84583e823e9a5013473be85fcdca20
8b5c60408d2487200d3e085b6c8c0462cd80739f9926e1777ef2abdca92c370d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.960904927983.js?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&shu=72206f5c01576ff16f1f42dcb9c04f1cf5de88f320b02bb1bd99dc8e91fc699d54ef30fceb5f1fa46e4b41c5c49c890e6760915f5b5e2b3a130ec3c26bde943142caf560b8617c663b01be2f38aafcf1fa26f89803402304569849ced9b98f5d&pst=1701666759&rmtc=t HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link88299.blogspot.com
Referer: https://link88299.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21179843; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTE3OTg0MywiayI6IjQ1MzQ3ZDJmNzE5Y2JmOTM0N2M5Yjg0YzM4ZmUwMjM2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTcwNTUwLCJwaWQiOjEzODQ5MzYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6InFkdzBpNHp6IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbGluazg4Mjk5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FM8aHMMlzO-fB0maIfGKhDpstDNN0GU2AObs63fEdIE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com
Access-Control-Allow-Origin: https://link88299.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:39 GMT; secure; SameSite=None
iprc50321fe5c98226dda1c687914fb5e3f4=3569808; expires=Mon, 04 Dec 2023 09:11:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c276c37a0308d87ad8bfa3fb8def6998
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
link88299.blogspot.com/responsive/sprite_v1_6.css.svg
216.58.207.193 2.2 kB URL link88299.blogspot.com/responsive/sprite_v1_6.css.svg
IP 216.58.207.193:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7657)
Hash d4dcfc8144f556815c7a1d84ed4e959e
22088bd6cdf970dcf7bfab9a74a4768548ca8890
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: link88299.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: image/svg+xml
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2244
date: Mon, 04 Dec 2023 05:11:39 GMT
expires: Mon, 11 Dec 2023 05:11:39 GMT
cache-control: public, max-age=604800
last-modified: Sun, 03 Dec 2023 15:53:10 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pronedynastyimpertinence.com/watch.960904927983?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
173.233.137.44 1.4 kB URL pronedynastyimpertinence.com/watch.960904927983?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (628)
Hash 631e2e5e0ed505c085a9f3965b520a40
cdcc21b8289b18451505e7026331fd086a8fa59f
f2eabd737e36e5056014e5450ca83781cee95ef8b024d78ad7b87511d69b24df
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.960904927983?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1 HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Cookie: u_pl=21179843; ain=eyJhbGciOiJIUzI1NiJ9.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.FM8aHMMlzO-fB0maIfGKhDpstDNN0GU2AObs63fEdIE; uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; iprc50321fe5c98226dda1c687914fb5e3f4=3569808; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.se_ruay1o-VlKYOMabgTknV8JtVtxdfTMTY2U0OMqMg; expires=Mon, 04 Dec 2023 05:12:39 GMT; secure; SameSite=None
uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6d1e19d819bbb4d1e7a6f52dd99eef3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pronedynastyimpertinence.com/api/users?token=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&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false
173.233.137.44 1.9 kB URL pronedynastyimpertinence.com/api/users?token=L3dhdGNoLjk2MDkwNDkyNzk4Mz9kZXY9ZSZrZXk9NDUzNDdkMmY3MTljYmY5MzQ3YzliODRjMzhmZTAyMzYma3c9JTVCJTI2cXVvdCUzQmxpaW5rJTI2cXVvdCUzQiU1RCZwc3Q9MTcwMTY2Njc1OSZyZWZlcj1odHRwcyUzQSUyRiUyRmxpbms4ODI5OS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02ZmIwNTdkNmViYTE4MjkzOWJlYjU1NGUyMDk4ZWI1ZTMxZWIyYWYyMTQ1Y2MyMWMxZTM5MDA3ZTFlYmM2MzA5NGE0Y2Y3ZDg0OTZjN2IyZjc0M2VlZWNhMDA3NzUxMGNhZWJkNWMzZjY4MjEzYTZhOGNlZTQyOGE0ZTdkMDIwM2NiM2E0ZmNhMWMzNWM0OGNlZDJkY2M1MTE1NmFiMTc5NDdmYmFlMTYwZmMwYjBlM2RjYWUxNjFiMDM4OWZjMDEmdHo9MCZ1dWlkPWNiMWE2ZmNkLTFjZjMtNGFmZC1iOTk0LWNiNTQ5Mzc0OTYyZCUzQTIlM0Ex&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2604)
Hash 3928dec4d2f845c95ea0757d91421e1b
d956d6d170de590eea5aeaef2452f9d32aa80465
abf5c24ba0a65fba350b41f98070a8dc057ba12f971547aa82d27b9d7404bc1b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=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&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pronedynastyimpertinence.com/watch.960904927983?key=45347d2f719cbf9347c9b84c38fe0236&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
Cookie: u_pl=21179843; ain=eyJhbGciOiJIUzI1NiJ9.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.se_ruay1o-VlKYOMabgTknV8JtVtxdfTMTY2U0OMqMg; uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; iprc50321fe5c98226dda1c687914fb5e3f4=3569808; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com/
Access-Control-Allow-Origin: https://link88299.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs=2; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
uncs23=2; expires=Tue, 05 Dec 2023 05:11:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 596906672f82431bd4361b0f0c644798
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
curryoxygencheaper.com/watch.23351755300?key=6ee4b9e1aa28949d467fff8f39cd56d3&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
173.233.137.60 1.4 kB URL curryoxygencheaper.com/watch.23351755300?key=6ee4b9e1aa28949d467fff8f39cd56d3&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (624)
Hash 268735c4cbf5d579eba9fdc2002786cf
1f8584f3f5f4d522c0b18d02fe2b7fa3b7f91b5d
60749a68621c1bc93dc0a57abdbce0b08bfac1d933a333498b46944392a20c0a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.23351755300?key=6ee4b9e1aa28949d467fff8f39cd56d3&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1 HTTP/1.1
Host: curryoxygencheaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21179868; expires=Tue, 05 Dec 2023 05:11:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.mzLFpKOynINs1EJzrAuBZG6o_YEpVq3ZO5xReFFiYQg; expires=Mon, 04 Dec 2023 05:12:40 GMT; secure; SameSite=None
uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b85e1297fe37dd6a2387f60caba46f82
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/9f/78/ba/9f78baab1c3b212470a45bcfd6e03b2f/1671447379.jpg
45.133.44.9 60 kB URL cdn.cloudimagesb.com/bi/9f/78/ba/9f78baab1c3b212470a45bcfd6e03b2f/1671447379.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:12:01 19:12:58], baseline, precision 8, 728x90, components 3\012- data
Hash 6074b531bfeb03c9839c9a1fcb97c9f8
a07a41ed553e921b0c230784eafd7b4edcb4f991
3a91f058c16906ced973846f5f8c63ee06f268a8f12196050f2fc150fcd7e6d9
GET /bi/9f/78/ba/9f78baab1c3b212470a45bcfd6e03b2f/1671447379.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pronedynastyimpertinence.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:40 GMT
content-type: image/jpeg
content-length: 60223
server: nginx/1.21.6
last-modified: Mon, 19 Dec 2022 10:56:26 GMT
etag: "63a0435a-eb3f"
expires: Wed, 06 Dec 2023 05:11:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21320299
173.233.137.36 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21320299
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (484)
Hash ed822642fc62fde5b2f74de2d6fc3dc9
e12898a22137462d5603a7b79d88b3a2b300546d
47d334b1f067eda8a8dbad77ddfba3efecfef337277583d19243e45c9ab3b3cc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21320299 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Tue, 05 Dec 2023 05:11:40 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.PjCV2O-D4vPeISRsYt9ZqBAxg_VeZRQAqd7uPRIGmLY; expires=Mon, 04 Dec 2023 05:12:40 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: daaa5f1aedbb0687762f4fa88d423586
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
curryoxygencheaper.com/api/users?token=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&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false
173.233.137.60 1.8 kB URL curryoxygencheaper.com/api/users?token=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&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2420)
Hash c6d62adfb55069908f9aaee628c87dcb
c49068dfba598b4ca60cde3cbf9d5b878e519108
36c497ade2f9e9eb7d2deac88dcd7e22a9dfd8a28da6daa52970fb7393e0c951
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=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&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1&pii=&in=false HTTP/1.1
Host: curryoxygencheaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://curryoxygencheaper.com/watch.23351755300?key=6ee4b9e1aa28949d467fff8f39cd56d3&kw=%5B%22liink%22%5D&refer=https%3A%2F%2Flink88299.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=cb1a6fcd-1cf3-4afd-b994-cb549374962d%3A2%3A1
Cookie: u_pl=21179868; ain=eyJhbGciOiJIUzI1NiJ9.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.mzLFpKOynINs1EJzrAuBZG6o_YEpVq3ZO5xReFFiYQg; uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://link88299.blogspot.com/
Access-Control-Allow-Origin: https://link88299.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cb1a6fcd-1cf3-4afd-b994-cb549374962d:2:1; expires=Mon, 11 Dec 2023 05:11:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 05:11:40 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 05:11:40 GMT; secure; SameSite=None
pdhtkv25=true; expires=Tue, 05 Dec 2023 05:11:40 GMT; secure; SameSite=None
uncs25=1; expires=Tue, 05 Dec 2023 05:11:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fc9c092fc708eae2b3ee218056dd37a1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cyclistforgotten.com/pixel/nvrwe?error=timeout
192.243.59.20 0 B URL cyclistforgotten.com/pixel/nvrwe?error=timeout
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/nvrwe?error=timeout HTTP/1.1
Host: cyclistforgotten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link88299.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 05:11:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzIwMjk5JnBzdD0xNzAxNjY2NzYwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbGluazg4Mjk5LmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTRiZGJjYTMzNDM2Y2VlOGExYjZlM2MwYjQ3ODlkNTc3OWEyYzQxMGRiZTRlZTZlMzI0NWRhOTU5MjBlMzExNWY3M2Q1MjBmNjI5OGEwOWYxOWI1ZjlkZmM4ZTFiNjViMzVkMDI2YmNhYzgwOGU2ZTkwNTFmMjgyMDRkZTRmMmY0YzYxNTc1YTRhMGM4ZTdhZmIwM2Q4OTQ2MWVkZjcxZjVmODQwNDEzY2RkYmQwZjAzMDkyYTg1Y2RmOTkx&uuid=&pii=&in=false
173.233.137.52 302 Found 0 B URL User Request GET HTTP/1.1 conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzIwMjk5JnBzdD0xNzAxNjY2NzYwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbGluazg4Mjk5LmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTRiZGJjYTMzNDM2Y2VlOGExYjZlM2MwYjQ3ODlkNTc3OWEyYzQxMGRiZTRlZTZlMzI0NWRhOTU5MjBlMzExNWY3M2Q1MjBmNjI5OGEwOWYxOWI1ZjlkZmM4ZTFiNjViMzVkMDI2YmNhYzgwOGU2ZTkwNTFmMjgyMDRkZTRmMmY0YzYxNTc1YTRhMGM4ZTdhZmIwM2Q4OTQ2MWVkZjcxZjVmODQwNDEzY2RkYmQwZjAzMDkyYTg1Y2RmOTkx&uuid=&pii=&in=false
IP 173.233.137.52:443
Certificate Issuer Let's Encrypt
Subject conqueredallrightswell.com
Fingerprint 9E:C2:75:0A:08:52:CB:97:0C:C6:54:67:5E:6F:7F:C9:D8:00:28:1C
Validity Tue, 14 Nov 2023 16:14:39 GMT - Mon, 12 Feb 2024 16:14:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzIwMjk5JnBzdD0xNzAxNjY2NzYwJnJlZmVyPWh0dHBzJTNBJTJGJTJGbGluazg4Mjk5LmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTRiZGJjYTMzNDM2Y2VlOGExYjZlM2MwYjQ3ODlkNTc3OWEyYzQxMGRiZTRlZTZlMzI0NWRhOTU5MjBlMzExNWY3M2Q1MjBmNjI5OGEwOWYxOWI1ZjlkZmM4ZTFiNjViMzVkMDI2YmNhYzgwOGU2ZTkwNTFmMjgyMDRkZTRmMmY0YzYxNTc1YTRhMGM4ZTdhZmIwM2Q4OTQ2MWVkZjcxZjVmODQwNDEzY2RkYmQwZjAzMDkyYTg1Y2RmOTkx&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.PjCV2O-D4vPeISRsYt9ZqBAxg_VeZRQAqd7uPRIGmLY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 05:11:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Tue, 05 Dec 2023 05:11:41 GMT
uncs=1; expires=Tue, 05 Dec 2023 05:11:41 GMT
pdhtkv28=true; expires=Tue, 05 Dec 2023 05:11:41 GMT
uncs28=1; expires=Tue, 05 Dec 2023 05:11:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 829d9409d5b55f3320385072f82457ba
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
13.107.213.53 307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Trustwave Holdings, Inc.
Subject affiliates.kindredplc.com
Fingerprint 9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
Validity Thu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 04-Dec-3022 05:11:41 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0jV9tZQAAAADbfhAfuGTWQ4u4MQTOu1ibU1ZHMjBFREdFMDUwNwAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Mon, 04 Dec 2023 05:11:41 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 05:11:41 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node0zfxxpl6f9qif1efwjocjpsjd67004211.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 05:11:41 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 05:11:41 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://conqueredallrightswell.com/"; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 05:11:41 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=68246908; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://conqueredallrightswell.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 04 Dec 2023 05:11:41 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 05:11:41 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 04 Dec 2023 05:11:41 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
172.64.144.152 302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Mon, 04 Dec 2023 05:11:41 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 83018cd6feb5b4eb-OSL
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
172.64.144.152 200 OK 936 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 41acdc0efbe24c5e799972ff33c90259
1e5df73ad5bfb5f075815bcb520fabe2e107fe2d
1a91fab46f128a63c74943fe6db7de41509d69ae9f4e36aab9f984cac94fa451
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeabb4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 428428
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
172.64.144.152 200 OK 35 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
IP 172.64.144.152:443
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: text/html; charset=utf-8
cf-ray: 83018cd52df4b4eb-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 503fa9ce-301e-000a-7870-26b6b5000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_C973484D49324D9B8C8D6B49BD0970F6;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
172.64.144.152 200 OK 4.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeaeb4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 350576
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28 200 OK 12 kB IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type gzip compressed data\012- data
Hash 14275b22d5119b8d441f7257706859fc
b9430cfd904f4f0f2bac57872e0dceeacaeed1dd
b4a00203f81cc4bfb0099f034325becc53530e6a7edd1e89c40e435e04146685
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: text/html;charset=utf-8
x-request-id: 6197efcf00c7f4a713f9a4c499f86c15
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Mon, 04 Dec 2023 05:12:09 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.42 200 OK 99 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.42:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 498204791bef417c1b9890ff9c9e9171
516e45723c2844e9e463cbd85d85a29c196bf92f
34a5264eca6bb1e0c72ed97615575c44bade55d7c678686697ebca32e90caf49
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:11:41 GMT
date: Mon, 04 Dec 2023 05:11:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
172.64.144.152 200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 83018cd87f35b4eb-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 356195
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168 200 OK 67 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Hash 92d171495e439f65242c49fe1ab31fcb
fab0faf1ea3cb1e57e0bffbbdcffb6422be0c71f
88d5724ba1c2bb46163f114514f8cee2e24c05545a5e2449c3786d4113b13d68
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 05:11:42 GMT
expires: Mon, 04 Dec 2023 05:11:42 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67304
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
172.64.144.152 200 OK 88 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6feb6b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 428504
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 372889
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
172.64.144.152 200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 678df4d8ef9b4aa957e5433dd94fb7e4
fd8a4109a2f00c19679f25d18be017541ff6fea5
bdbca379909a5f57b65b90094901804655f8cd82c05312a754320b7ae30c5187
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeb2b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 358434
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 346448
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.141.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 425003
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcD9Jfo1p3DHstnD2s5XJyvO%2Fife87he1FI7yIHmsAx%2BoR1D6n3jKx4bOW%2FteD5lEsh86mz4tTVLhdrw4CzsJkAw1IstZvbQkgCo3N%2BOP3PJQVgm%2BkkTQy%2B4W4NVm%2Fh0ZNiduuTo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83018cd89c1e7792-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
172.64.144.152 200 OK 4.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Hash cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 83018cd6ce9eb4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 165543
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
172.64.144.152 200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeacb4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 262748
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
Validity Tue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Hash 631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Mon, 04 Dec 2023 05:11:41 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.42 200 OK 87 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.42:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:51:14 GMT
expires: Fri, 29 Nov 2024 02:51:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 354027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.141.13 200 OK 54 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2221723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12Pax8YygTOBeTbySCf%2BMEWAFi47y6rBUL5ubOazcyGwpAT31L6momJZAqxh3%2B1k8mpvs2dw7wsCsL1c7B08Zs47CyB0MpNZrYd7jIye2%2FAd8vb8WgeXuy5xVIAjSHKgXjZyQi2k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83018cd79b957792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
172.64.144.152 200 OK 5.4 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text, with very long lines (5609), with no line terminators
Hash 41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 83018cd6dea2b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 260090
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
172.64.144.152 200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeaab4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 434853
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
172.64.144.152 200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeb1b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 354812
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
172.64.144.152 200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 83018cd86f2eb4eb-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 257547
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.80.126 200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.80.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 436
vary: Accept-Encoding
server: cloudflare
cf-ray: 83018cdb58da56a4-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
172.64.144.152 200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: image/x-icon
cf-ray: 83018cd97f86b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 428358
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.80.126 200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.80.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 436
vary: Accept-Encoding
server: cloudflare
cf-ray: 83018cdb58df56a4-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
172.64.144.152 200 OK 15 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 83018cd7ff08b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 248882
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
172.64.144.152 200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Hash e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeb0b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 346273
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 1.8 kB URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (1881), with no line terminators
Hash 695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 337327
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
172.64.144.152 200 OK 22 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: text/css; charset=utf-8
cf-ray: 83018cd6ce9db4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 343421
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28 200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=BLP.1.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.80.126 200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.80.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:42 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 436
vary: Accept-Encoding
server: cloudflare
cf-ray: 83018cdb58de56a4-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
172.64.144.152 200 OK 5.9 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (6078), with no line terminators
Hash f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: application/javascript
cf-ray: 83018cd6eea7b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 356289
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
172.64.144.152 200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C973484D49324D9B8C8D6B49BD0970F6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701666701366)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023124511%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210663060034%7c1%22%7d%5d; __ucbt=node0zfxxpl6f9qif1efwjocjpsjd6; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_C973484D49324D9B8C8D6B49BD0970F6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C973484D49324D9B8C8D6B49BD0970F6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_C973484D49324D9B8C8D6B49BD0970F6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:11:41 GMT
content-type: image/svg+xml
cf-ray: 83018cd6eeb3b4eb-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 249799
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2