go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399/
104.21.49.22301 Moved Permanently 0 B URL HTTP/1.1 go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399/
IP 104.21.49.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request/8b72acf3-0180-452d-a648-91b1c8d95399/ HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 08 Oct 2022 13:54:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 14:54:15 GMT
Location: https://go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAOHq3rMdyzTeLdqssUMqMUIEYpwlF19weDdh5fdB2siGx9CFX1dEcEGHkb95vjY1L%2BrduQArJpBEkv8bWYwom1LVjQ1mSHtyjYjUrm13BHWZBPt9v7ZLfTasyEvlxSP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756f5e0e99030b39-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5813
Expires: Sat, 08 Oct 2022 15:31:08 GMT
Date: Sat, 08 Oct 2022 13:54:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
54.230.111.65200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Dcvns7b7xuzqeTeKWL680X2HZltsRtchAQoqr6NEenHO8YIleuTwEw==
Age: 252417
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7cba6aada5c0a04c1c0644769c09f64e
ed02f174a9b718951911343af8ec181c6d205b1d
ba863e734d5d38ed160758ab0b09d1b0f44fc795dcbcee4199329b011fcd1bd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA863E734D5D38ED160758AB0B09D1B0F44FC795DCBCEE4199329B011FCD1BD1"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5140
Expires: Sat, 08 Oct 2022 15:19:55 GMT
Date: Sat, 08 Oct 2022 13:54:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: frvmgYfj1XujyBhMZApwndkks3sTVw4Pl/NXsVyHvbrzOYBNnKl5QPTfDzSRoJ5sf954zdTgmdBjjRaz65zgzg==
x-amz-request-id: 1ZS90J7JFPY5HXWV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 13:31:40 GMT
age: 1355
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76667644d785aa956cd9b3ac0f308925
c31372a286e3eef2909fa81e12deb54c7927275d
8eaec5a3df3126a7db788ec5021116e90311d817fbbcc1122cf8cc20b9ad759a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8EAEC5A3DF3126A7DB788EC5021116E90311D817FBBCC1122CF8CC20B9AD759A"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21573
Expires: Sat, 08 Oct 2022 19:53:48 GMT
Date: Sat, 08 Oct 2022 13:54:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 08 Oct 2022 13:29:41 GMT
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 14:23:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oSt-7Vne8tIj0Lbt-EzzNbj7PFSFv3Tgwuh-x6Q0cxQckmtATp-i7A==
Age: 1475
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76667644d785aa956cd9b3ac0f308925
c31372a286e3eef2909fa81e12deb54c7927275d
8eaec5a3df3126a7db788ec5021116e90311d817fbbcc1122cf8cc20b9ad759a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8EAEC5A3DF3126A7DB788EC5021116E90311D817FBBCC1122CF8CC20B9AD759A"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21572
Expires: Sat, 08 Oct 2022 19:53:48 GMT
Date: Sat, 08 Oct 2022 13:54:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5479444ef227af03029fbb9d154f0107
0563678ec07ab3707b716ca4c638ece4c8ad7de4
4850d49786a140003b90ae108104ffbfe80a6e0d9f584656a09f0fff11dc9d0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:16 GMT
Last-Modified: Sat, 08 Oct 2022 12:19:46 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0360e131ceafa5ea46cab5f528eb17f
dbcc23112b2c694fad7c834ea8e23208a02ed73a
8b30e050c7c24ee5b60310a6734623275af4c1c74f4a833f551d182cff81ce53
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B30E050C7C24EE5B60310A6734623275AF4C1C74F4A833F551D182CFF81CE53"
Last-Modified: Fri, 07 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5841
Expires: Sat, 08 Oct 2022 15:31:37 GMT
Date: Sat, 08 Oct 2022 13:54:16 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 13:54:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=447662,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756f5e159f97b4e8-OSL
gtoonfd.com/favicon.ico
139.45.197.239204 No Content 0 B IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=cd0o225ip8jklp0pt0m0
Cookie: OAID=8cc1db195cbe45ad9f4ff59478169e81; oaidts=1665237256; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 13:54:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=8cc1db195cbe45ad9f4ff59478169e81
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=8cc1db195cbe45ad9f4ff59478169e81
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=8cc1db195cbe45ad9f4ff59478169e81 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gtoonfd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:16 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8cc1db195cbe45ad9f4ff59478169e81; expires=Sun, 08 Oct 2023 13:54:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.148.190.4101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.190.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3iaeDz5bpG4IsEhjxq/gNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: F2ro2zdXKmZeb66iWf7jpTnqCos=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4181233aa2784c10162465715a696c98
dce52cd3d6e42685a295e2fd17a0c17e737c74e4
220c3de5e014f1db9aa7be98938b56161a8ab8e3993469b1f767cc89a3f27532
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "220C3DE5E014F1DB9AA7BE98938B56161A8AB8E3993469B1F767CC89A3F27532"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2379
Expires: Sat, 08 Oct 2022 14:33:55 GMT
Date: Sat, 08 Oct 2022 13:54:16 GMT
Connection: keep-alive
gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=cd0o225ip8jklp0pt0m0
139.45.197.239200 OK 3.0 kB URL HTTP/2 gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=cd0o225ip8jklp0pt0m0
IP 139.45.197.239:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash 249b958f2abb4935f9dec1b5338912a8
fe8e28d7cc2a1d694ad4e3622b13d02b50fc63e9
d4a94790a708a8ba7bbca3fe56c517ea60704792a9b07d347f0949b66c4ae5c8
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=cd0o225ip8jklp0pt0m0 HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:16 GMT
content-type: text/html; charset=utf8
x-trace-id: 06bf929187653fc4e7155cd8d89baa8e
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=8cc1db195cbe45ad9f4ff59478169e81; expires=Sun, 08 Oct 2023 13:54:16 GMT; path=/; secure; SameSite=None
oaidts=1665237256; expires=Sun, 08 Oct 2023 13:54:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
allcnt=1; expires=Sun, 08 Oct 2023 13:54:16 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ed7fcacb5922dce0ab71a1517b6c898e
00e9d2299875ae1dbb65f4fcc9f64fa6f8bf6ebf
888088b715e8eb1592bef2d2c4850bbe3f3efd4bc14328a6f9221ef9e0b56d08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "888088B715E8EB1592BEF2D2C4850BBE3F3EFD4BC14328A6F9221EF9E0B56D08"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17838
Expires: Sat, 08 Oct 2022 18:51:34 GMT
Date: Sat, 08 Oct 2022 13:54:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6518b23c755327277b44dc1f6987f958
86856a3d7cc9fff082df12330105de7a89b81552
190f6d829f0eb407fec412a6a83e7aa46a213f7ed032c58a97eb333bc7534d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "190F6D829F0EB407FEC412A6A83E7AA46A213F7ED032C58A97EB333BC7534D98"
Last-Modified: Fri, 07 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Sat, 08 Oct 2022 14:39:47 GMT
Date: Sat, 08 Oct 2022 13:54:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 19e9213d0f09fb6474b5289b15393677
b1d75a759183193d5560010b427b91ff554231f2
75b4f22c41536bd9961ad4baf5c3ec22ff3e7d538b9255b0f0f76c7fa06dd616
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75B4F22C41536BD9961AD4BAF5C3EC22FF3E7D538B9255B0F0F76C7FA06DD616"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7672
Expires: Sat, 08 Oct 2022 16:02:09 GMT
Date: Sat, 08 Oct 2022 13:54:17 GMT
Connection: keep-alive
unphionetor.com/vctx?t=56193
139.45.197.236200 OK 72 B URL HTTP/2 unphionetor.com/vctx?t=56193
IP 139.45.197.236:0
File type JSON data\012- , ASCII text
Hash 4d6d80dce35d451078285e2ac540d8d3
b530cea9fe52c0e1e500e3f90b81c7afb9ff6901
7afe308e16327c23ecad35f3af36ecb1fff13907a007c537388cf0f37fd38cca
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=56193 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
content-type: text/plain; charset=utf-8
content-length: 72
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d7f57d0d0b5f047c6263b878b8f83b38
set-cookie: PRIT[56193]=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
toapodazoay.com/favicon.ico
139.45.197.152204 No Content 0 B URL HTTP/2 toapodazoay.com/favicon.ico
IP 139.45.197.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4574936&rsz=4574936&rid=
Cookie: reverse=8XIaa1XXQS7ff7DAD_Nieb4K7Q2zJ-9iw1ZiKV27-U0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
strict-transport-security: max-age=60
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=56193&bid=79056&aid=602611333963456836
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=56193&bid=79056&aid=602611333963456836
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=56193&bid=79056&aid=602611333963456836 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 240bac3f94b04cf858607b9afc9bb9f6
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3&mprtr=1
139.45.197.152200 OK 525 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3&mprtr=1
IP 139.45.197.152:0
Hash c0db7435d0cc3477b5e29e4e9cf2064c
991f8129c70ad57db21eb9f7940675d40e913e87
7413ca42043f2fc5aa20e9f1647d997a9732529417ba0d23396a34eb3f76c368
POST /?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3&mprtr=1 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=4574936&rsz=4574936&rid=
Cookie: reverse=8XIaa1XXQS7ff7DAD_Nieb4K7Q2zJ-9iw1ZiKV27-U0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3029
Expires: Sat, 08 Oct 2022 14:44:46 GMT
Date: Sat, 08 Oct 2022 13:54:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3029
Expires: Sat, 08 Oct 2022 14:44:46 GMT
Date: Sat, 08 Oct 2022 13:54:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bc50d1380ae8fc980ae1cc38f2371c7
be79aecfd7eefa89c409ed743402a292ff0ce6c0
43e015802ba453d4cd79984b53efa8a529ece62760f6693f9daeb2388179201f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6366
x-amzn-requestid: ddcd915d-2606-4243-969e-19fb02b5b6d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EJGoSIAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb3-1c7bd17a2dcdd25e4da6d346;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Cm4uaStVKEsemoOHrc04J9qNysQJoMB7-R8LEzmlRXt47mpXi2NRPA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:12 GMT
age: 57845
etag: "be79aecfd7eefa89c409ed743402a292ff0ce6c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d67e1b7a9224fb617581c14af1e369ac
941b8fdd8736691d796738233681f12900af92c4
ed88575e76e6919ab4702bb29db5c48c5bd250ad2a89047d4d8a31cf3c77f12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9112
x-amzn-requestid: 94c5c303-a221-4b00-9d01-95607233fbc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2PxHXuoAMFZzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d97-5080b3765b6cd57c64e36e80;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:43:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: caUfhYpcvVq0JjR0INv3aPuCZDq50dJg9p7Wjlz6TcJaX7kU3OIHDA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:09 GMT
age: 57848
etag: "941b8fdd8736691d796738233681f12900af92c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3fba664205cc4f4c47441384bb9baff
7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca
5336cbc9f49699990c607bfb64265f55425f0c994d1c880d71e4faefd26057a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10302
x-amzn-requestid: 10724d90-3561-4b3a-9faa-2ecfd573b3bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EKGUVoAMF0cQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb4-76637f427b13d2c506fd5ccf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1rwq9VVxiIBmFjb6TUwaGdXIH6zqzTGEaJz3MW9fnU3VCGty50sLSA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:47:42 GMT
age: 57995
etag: "7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=56193&cb=1433256887
139.45.197.236200 OK 11 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=1433256887
IP 139.45.197.236:0
Hash 1088a8fb5905594a01b013a7e755e2a5
b0108232a0228f3b2fdaccd122e19c1a3dc69d7f
c260b66b54ecffdac39a21a3c14cced437d35ee0b69fd1415bc348e59b61b1f4
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=1433256887 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 25594dcd640d20697cec8576e5fa20a1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dcf23b32642f7a82a0a7d734a631bca
9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7
add9aab4427819610f8d693758a752910cf314346e974b7636a82381ab9daa4d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4252
x-amzn-requestid: 8d6a225c-6389-4f20-9b90-494841f47c99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4GjCIAMFX-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-4076dc933185d9fd6b68e802;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Wb1JAlWtR9sSEi_KuYZivvMivSxZjo92LGpWgFppol5zgapK6eQ-dg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:16 GMT
etag: "9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7"
content-type: image/jpeg
age: 58621
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250200 OK 49 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
Hash be656a716fbfa524ce8ce9078e31c8e9
ff762fdc98cc229a4bc0aeddcf2ecf5880885b26
f6295179cf87918860625682fdd4cd8ea1cb3a6cc19ebed43c24b3947f0a2d7a
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 08 Oct 2022 13:54:18 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236200 OK 632 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cd9531782c03aee9201db03213741f1d
b0a419ca03ab51c1b8485a30442614aaa56bde4a
44bf1b3144574906ab7302f062e8b428b907f70b4a68dc5197b0a7b86335ed32
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 13:54:18 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: d17fef3276e1e97bc7f27593befe6726
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://r.top100bookies.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=d37232d4f89f4f02b39edb136da2a698; expires=Sun, 08 Oct 2023 13:54:18 GMT; path=/
oaidts=1665237258; expires=Sun, 08 Oct 2023 13:54:18 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=602611333963456836&tp=2069
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=602611333963456836&tp=2069
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=602611333963456836&tp=2069 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 13:54:18 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: de268c57b7ca9a55833dc2e9cb536e89
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9d39e1d6f244950b6a977909ffb47e7f
a16cd8a32ef59a90352fb53646b7e83aa75f527c
3c5e5a18a8221f974d2d5e0bb5a3bde77a513ed97816394181bb84187de3d4f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C5E5A18A8221F974D2D5E0BB5A3BDE77A513ED97816394181BB84187DE3D4F1"
Last-Modified: Sat, 08 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7190
Expires: Sat, 08 Oct 2022 15:54:08 GMT
Date: Sat, 08 Oct 2022 13:54:18 GMT
Connection: keep-alive
r.top100bookies.com/action.php?action=redirect&wid=119&bid=999978&pid=310&rdk=rk1
185.140.231.55302 Found 0 B URL HTTP/1.1 r.top100bookies.com/action.php?action=redirect&wid=119&bid=999978&pid=310&rdk=rk1
IP 185.140.231.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action.php?action=redirect&wid=119&bid=999978&pid=310&rdk=rk1 HTTP/1.1
Host: r.top100bookies.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.10.3 (Ubuntu)
Date: Sat, 08 Oct 2022 13:54:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 08 Oct 2022 13:54:18 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, *
Location: https://b1.trickyrock.com/redirect.aspx?pid=3499897&bid=37672
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 13:54:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=447660,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756f5e23ff9eb4e8-OSL
go.deliverymodo.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=d37232d4f89f4f02b39edb136da2a698; oaidts=1665237258
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 08 Oct 2022 13:54:18 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
my.rtmark.net/img.gif?f=merge&userId=d37232d4f89f4f02b39edb136da2a698
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=d37232d4f89f4f02b39edb136da2a698
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=d37232d4f89f4f02b39edb136da2a698 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:18 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d37232d4f89f4f02b39edb136da2a698; expires=Sun, 08 Oct 2023 13:54:18 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
b1.trickyrock.com/redirect.aspx?pid=3499897&bid=37672
23.36.79.11301 Moved Permanently 0 B URL HTTP/2 b1.trickyrock.com/redirect.aspx?pid=3499897&bid=37672
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=3499897&bid=37672 HTTP/1.1
Host: b1.trickyrock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 08 Oct 2022 13:54:18 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 08 Oct 2022 13:54:18 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3499897%2c%22BID%22%3a37672%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665237258972)%5c%2f%22%2c%22CookieTag%22%3a%22376723499897451240919C20221081354%22%7d%5d; SameSite=None;; domain=.trickyrock.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228201493603%7c1%22%7d%5d; domain=.trickyrock.com; expires=Mon, 08-Oct-3021 13:54:18 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=35
X-Firefox-Spdy: h2
no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-length: 0
location: https://no.unibet.com:443/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
set-cookie: JSESSIONID=node0oewibyxmvsi1r7aawn6dzfyl2783297.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; Path=/; Domain=.unibet.com; Expires=Mon, 07-Oct-2024 13:54:19 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Mon, 07-Oct-2024 13:54:19 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.com; Expires=Mon, 07-Oct-2024 13:54:19 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 08-Oct-2022 13:54:34 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37672; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
PID=3499897; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 08-Oct-2022 13:54:34 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2750544; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=38826280; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 08-Oct-2022 13:54:34 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=no.unibet.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 08 Oct 2022 13:54:19 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
no.unibet.com/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2750544&affiliateId=1&unibetTarget=/no/pop/casino/bookofdead/index.html&targetDomain=https://welcome.unibet.com&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&affiliateId=1&pid=3499897&bid=37672&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-length: 0
location: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 08 Oct 2022 13:54:19 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
23.36.79.25200 OK 638 B IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash 6017198b8ff375c7e48c5d53946729ef
090ac481406ef5eac7d4d657636b8c846609f351
0df20d0152b0bf7e03a4c822304c537d1113d632c2c4a7d98c19bd6578d6901d
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Sat, 08 Oct 2022 13:54:19 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 02:36:40 GMT
expires: Mon, 02 Oct 2023 02:36:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 559059
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/rg-logo-.svg
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/rg-logo-.svg
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/rg-logo-.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 1.3 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash 0a32745e04a24690e59d611473974906
b54d69a7cb59fa5c7e8a2eac1d7f5adf11ce3fb5
af5c338ef34d6474ca1fa2700e9fa170abe99297d6485837cc8c68197817c7ce
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/authority-.png
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/authority-.png
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/authority-.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/-payments.svg
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/-payments.svg
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.0301 Moved Permanently 162 B IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html
content-length: 162
location: https://no.unibet.com/
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
set-cookie: clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/gambling-commission.png
108.161.188.196301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/gambling-commission.png
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/casino/bookofdead/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
no.unibet.com/
85.184.96.0200 OK 165 kB IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Size 165 kB (164630 bytes)
Hash 1d53b80ebc2dea6bd1becd72ee4247e5
104ec2c4f63b872557e2c09310c1ca528d6badb0
c55085a3f1bad587be5fa0ce4d7798292541e6a1a393449751a36889e7fe1577
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Sat, 08 Oct 2022 13:54:04 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.10200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.10:0
Hash 2f9f63e73fa281b62e8d5402551e18e3
294cb8667b990c7139a43e5437bd133d284d093a
a4626c21916f48830a424c89a5312e0ada15d7fde42d3cfb9ea9d3cb38855563
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 13:54:19 GMT
date: Sat, 08 Oct 2022 13:54:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 00776157dc98913405595c4b126e9ee2
8ee3950fa60340b03e0c53c8e5e07d18321a69f0
daa313ad6f0cb705d8a4fdb55aa65ffd6c1695326409c2ccf378e3c7e36de35c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/no/pop/casino/bookofdead/unibet-logo.svg
108.161.188.196200 OK 75 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/unibet-logo.svg
IP 108.161.188.196:0
Hash 7c510c10a4217c8c93a7329097d0a76c
63775aba958580680911788a1a43c725472a38e9
0322aca1ebad55cf5068d8fe74061b810c4ccaaa9fc9ebdc8939d27281a5c415
GET /no/pop/casino/bookofdead/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEDE4234"
x-ms-request-id: 44345dc3-001e-005c-011c-db475a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/nba-logo.svg
108.161.188.196200 OK 21 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/nba-logo.svg
IP 108.161.188.196:0
Hash 222a61c4c5a181f26483d89892cbb270
091537156d5be8bf79306272859805d44e9cd5c2
c3992ca68493a03d6977bc619ffa5c043651defbfbfe2d32f5ffa1e2270fef07
GET /no/pop/casino/bookofdead/nba-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eaLstWd+oATN0BmGvlb9dw==
last-modified: Tue, 24 May 2022 14:42:56 GMT
etag: W/"0x8DA3D93B143014C"
x-ms-request-id: ed906952-d01e-0070-711c-dbabf5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
no.unibet.com/
85.184.96.0200 OK 53 kB IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash bb9b5309685267df1f619253c3c0c883
4890a8a35d2f9c5290b772cbcaecdc28b04695c6
a842774975044a2d3b2f6d17c7367d7fa1b988e45d0ff225a7965b4f7c2f4380
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Sat, 08 Oct 2022 13:54:04 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
108.161.188.196200 OK 18 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 108.161.188.196:0
Hash 6d64584dcc3a0b9d18c9c97005c02392
e2e22459f92546801347ad1f628afa66c0cc41f1
f24eb5c094b34f717ce871ddcb7749cf4b077e6989d6c8682e551e535774bbfc
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: 5f6bfae4-d01e-002d-38f2-daa171000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-casino.svg
108.161.188.196200 OK 80 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-casino.svg
IP 108.161.188.196:0
Hash 85b1ec3a535f09784ac235d12cf486dd
d538ff032a1f4fcd68632df264199adb4def8db8
c0a1ca5ee6893b16c700f38d3a65d750568c26d666c2e031a2a6a9352746f1f1
GET /no/pop/casino/bookofdead/icon-casino.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: u/57C1Al21ESpXtbDs6sbw==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B04F0122"
x-ms-request-id: 1e0a949e-c01e-0031-4f1c-dbf311000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/no/pop/casino/bookofdead/mohegan-sun.svg
108.161.188.196200 OK 10 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/mohegan-sun.svg
IP 108.161.188.196:0
Hash 84e53e5f566cc325be7b9e2a4bef4f51
a4962cc6840951e86dc34ff643579ba11920cf23
fc7042cfdc95eb84ecb1c3b335c154b6d6663c226b6cc7fa304daa5401a55357
GET /no/pop/casino/bookofdead/mohegan-sun.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: FigwSmn7Dxw3hSNn0dwE0A==
last-modified: Tue, 24 May 2022 14:42:56 GMT
etag: W/"0x8DA3D93B111BF57"
x-ms-request-id: 26691d84-c01e-0021-4e1c-db3679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/1-main.js
108.161.188.196200 OK 22 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/1-main.js
IP 108.161.188.196:0
Hash 7242d9faec90a6a9a7afcb8a426fc3f1
892324397223b1ada51f7431d0def3e7492f5c84
43f8202d63be4efc355535bd78f3505481b282e06b42af958fe5547081cc6e7b
GET /no/pop/casino/bookofdead/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: kt67ksnBu92zK/+O3T2K7g==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AE71FBC6"
x-ms-request-id: 6a638cfb-901e-002c-0a1c-dbfead000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/android-button.svg
108.161.188.196200 OK 2.5 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/android-button.svg
IP 108.161.188.196:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5913), with no line terminators
Hash 26b465ad7175e78e6a4ff380b9a61a10
6140ddda275bc51dd17e2b4b2d271c9b1d564827
46bd0d7ce77a502d7e67c0898729210bac79de33f0d5c64ee861a28c154f8ae5
GET /no/pop/casino/bookofdead/android-button.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QRSghDb6fqDnPRxmntJCIQ==
last-modified: Tue, 24 May 2022 14:42:57 GMT
etag: W/"0x8DA3D93B159933F"
x-ms-request-id: 71e51157-e01e-0009-131c-db57d1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 51c390159903c17ac5df6938dc229d27
293a187c95b08c020814f170f446c13f1e889f45
230550cbcbf9628a6dba7f865301104995c35e2faa85854890c17f3f2b2f3283
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:19 GMT
Last-Modified: Sat, 08 Oct 2022 12:07:04 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.210.46200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.210.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 08 Oct 2022 13:54:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: c79a7a2f-a1b7-4ded-9da8-4f5f388f17be
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2C%>Z1Y3x!1yIE'Yg-$0y=/d!!%nt$GLPS; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 06-Jan-2023 13:54:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
no.unibet.com/
85.184.96.0200 OK 76 kB IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (35677), with CRLF, LF line terminators
Hash 897563e94d3ac68a52c76d88d8ab30d3
279a6fa56d068488d2653f4e5aa9d841a31c8528
3975bb2f36db920fcedeb4b2b8b9b01b19c80731050122e70bb11766b7f95e52
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544; clientId=polopoly_desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Sat, 08 Oct 2022 13:54:04 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 510cc553ecd3e913f9520b5cf35ce66d
9cb838f05341d8629471abd0de601b799cc348f6
f4aa144d1987e8e23bb1b0ff8b2dc3fa15db97b2bdb7947e0e927adf4a27ad27
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6068
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 13:54:20 GMT
Last-Modified: Sat, 08 Oct 2022 12:13:12 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
unibet.demdex.net/dest5.html?d_nsid=0
52.18.235.86200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 52.18.235.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 8 Oct 2022 13:54:20 GMT
DCS: dcs-prod-irl1-2-v044-08a9bb06a.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:47:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: USxlm2KcSek=
transfer-encoding: chunked
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=01887412456664740461972612158013027899&ts=1665237259979
13.36.218.177200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=01887412456664740461972612158013027899&ts=1665237259979
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=01887412456664740461972612158013027899&ts=1665237259979 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sat, 08 Oct 2022 13:54:20 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/no-payments.svg
108.161.188.196200 OK 9.7 kB URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/no-payments.svg
IP 108.161.188.196:0
Hash 73f19940da8b3afba30fba2851e3032d
a36b61d0d7a45f77179771805bd96abadd063027
ba3ff3217cefc6a9b6b7d782cc32bc7a117feda96dc22c851a9296277afe2e02
GET /no/pop/casino/bookofdead/no-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Tue, 24 May 2022 14:42:53 GMT
etag: W/"0x8DA3D93AF5B010A"
x-ms-request-id: 3935b276-f01e-0005-221c-dbc0d9000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82829586884390?AQB=1&ndh=1&pf=1&t=8%2F9%2F2022%2013%3A54%3A20%206%200&mid=01887412456664740461972612158013027899&aamlh=6&ce=UTF-8&pageName=LP%3A2021%20-%20Casino%20-%20Always-On%20-%20Book%20of%20Dead&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3Abookofdead%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=1%3A54%20PM%7CSaturday&v6=1%3A54%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1665237260&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A81732754%3A3499897-37672&v122=NONE&v124=2750544&v125=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&v126=3499897&v127=37672&v134=1665237259&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
13.36.218.177200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82829586884390?AQB=1&ndh=1&pf=1&t=8%2F9%2F2022%2013%3A54%3A20%206%200&mid=01887412456664740461972612158013027899&aamlh=6&ce=UTF-8&pageName=LP%3A2021%20-%20Casino%20-%20Always-On%20-%20Book%20of%20Dead&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3Abookofdead%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=1%3A54%20PM%7CSaturday&v6=1%3A54%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1665237260&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A81732754%3A3499897-37672&v122=NONE&v124=2750544&v125=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&v126=3499897&v127=37672&v134=1665237259&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82829586884390?AQB=1&ndh=1&pf=1&t=8%2F9%2F2022%2013%3A54%3A20%206%200&mid=01887412456664740461972612158013027899&aamlh=6&ce=UTF-8&pageName=LP%3A2021%20-%20Casino%20-%20Always-On%20-%20Book%20of%20Dead&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%3Fmktid%3D1%3A81732754%3A3499897-37672%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26bid%3D37672%26campaignId%3D2750544%26pid%3D3499897&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3Abookofdead%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=1%3A54%20PM%7CSaturday&v6=1%3A54%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1665237260&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A81732754%3A3499897-37672&v122=NONE&v124=2750544&v125=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&v126=3499897&v127=37672&v134=1665237259&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sat, 08 Oct 2022 13:54:20 GMT
expires: Fri, 07 Oct 2022 13:54:20 GMT
last-modified: Sun, 09 Oct 2022 13:54:20 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3576069786997293056-4619719024218892714
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=01847255119687366771976778661030316960
34.248.32.199302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=01847255119687366771976778661030316960
IP 34.248.32.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=01847255119687366771976778661030316960 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sat, 08 Oct 2022 13:54:20 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y0GBDAAAAMYAOwN6; Domain=.everesttech.net; Expires=Sun, 08-Oct-2023 13:54:20 GMT; Path=/
everest_session_v2=Y0GBDAAAAMYAPAN6; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
54.76.210.146302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
IP 54.76.210.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v044-0250f6bca.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=74116811575953524290013212876394288335; Max-Age=15552000; Expires=Thu, 06 Apr 2023 13:54:20 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: zEPD1E5BQc8=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
54.76.210.146200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6
IP 54.76.210.146:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0GBDAAAAMYAOwN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v044-0460362a2.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: Ia8y5FJhS+E=
Content-Length: 59
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5c4757ceb6dce32d0f9d26d5b3df038
d8209d82f61c7a09e00756e5dd32c99bc61af4a8
6aa007279ba4cdea3f772e0601e4082d40ee947ef8cc1201ce0009fb42ca9885
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3c3ff89f-8a8c-44ae-981a-0e9adaf7d959
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dSEs8IAMFqFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-6c97b82d137c2f1951270b82;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wWlD3C6HI9oxa0VAYA6N5afAcUDTQXdO8X31eZUglfdC6jSQo_gew==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 08 Oct 2022 03:29:14 GMT
age: 37510
etag: "d8209d82f61c7a09e00756e5dd32c99bc61af4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3
139.45.197.152200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3
IP 139.45.197.152:0
GET /?l=qCqekRDLtEBTXwP&s=602611333963456836&z=4574936&g=NO&svar=1665237256&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1665237256&ssk=6ab0fde684177cf2d56d7ac9412aef0f&svarok=1&b=79056&oaid=aba1391c6e99413db3e97b2110d9dbbd&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 13:54:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=8XIaa1XXQS7ff7DAD_Nieb4K7Q2zJ-9iw1ZiKV27-U0; expires=Sat, 08-Oct-2022 14:54:16 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/gb-when-the-fun-stops.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/gb-when-the-fun-stops.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/gb-when-the-fun-stops.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: aKFt6UnI1NUrF+upCSAbIA==
last-modified: Tue, 24 May 2022 14:42:54 GMT
etag: W/"0x8DA3D93AF8084E1"
x-ms-request-id: 4e6ce200-a01e-0008-401c-db080d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/darts-european.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/darts-european.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/darts-european.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: zoYCq/GGL4hzx6fLGfy4TA==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AE61D185"
x-ms-request-id: d69b6025-401e-0010-2e1c-dbd76a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/mga-logo.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/mga-logo.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/mga-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Tue, 24 May 2022 14:42:54 GMT
etag: W/"0x8DA3D93AF8F4FC1"
x-ms-request-id: 1fb0aaae-c01e-0043-501c-dbf45e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/18-plus.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/18-plus.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/18-plus.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEBE14CA"
x-ms-request-id: e0b16d98-701e-001b-021c-db2c01000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-trust.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-trust.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B0567A22"
x-ms-request-id: 4a543705-601e-0038-131c-dbb6c2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/icon-expert.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/icon-expert.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B05DCC0F"
x-ms-request-id: 23062931-501e-0041-281c-db4ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/utv-logo.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/utv-logo.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Tue, 24 May 2022 14:42:52 GMT
etag: W/"0x8DA3D93AEAED4CB"
x-ms-request-id: 8102495a-e01e-006b-281c-db95f6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/bottom-slash.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/bottom-slash.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/bottom-slash.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 1LyEcsHHwYdod9rpxIDp2A==
last-modified: Tue, 24 May 2022 14:42:56 GMT
etag: W/"0x8DA3D93B10A947D"
x-ms-request-id: 12d61de5-801e-001f-4e1c-dba106000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: XiMVk88BNkcCl05DTI4pAQ==
last-modified: Tue, 24 May 2022 14:42:51 GMT
etag: W/"0x8DA3D93AE3A0410"
x-ms-request-id: 86f30d48-701e-0079-541c-dbee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/1-styles.css
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/1-styles.css
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: ju6iUSU8PdM9jIesylUeYA==
last-modified: Tue, 24 May 2022 14:42:51 GMT
etag: W/"0x8DA3D93AE480BBC"
x-ms-request-id: a25be159-d01e-003d-161c-db6419000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: text/css
x-amz-id-2: kIWUcp4/gRprxrhG4Bo7YL49QfCfoJzgcb+lBni7kDeALpU6YcOHbXZK3Ce3+VKgInDBPr7yuoA=
x-amz-request-id: GQJ6HHGYZ6JW9X6Q
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 29975486
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2suwq8cqTdSWGL34urS3o0kTvLC7vyMMX%2FgkizcUjS3KkPvsdwXMwIAkfG8mMSkniGBKlKOimBbnSLet08%2BW5PpkQWb4iTN%2FDkwwZcTuzpHMKVgDh2OLNdYBr0ax92d3MZFnfSlQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 756f5e27d81688a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399/
104.21.49.22301 Moved Permanently 0 B URL HTTP/2 go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399/
IP 104.21.49.22:0
GET /request/8b72acf3-0180-452d-a648-91b1c8d95399/ HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Sat, 08 Oct 2022 13:54:16 GMT
content-type: text/html; charset=utf-8
location: /request/8b72acf3-0180-452d-a648-91b1c8d95399
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hX7IZu96SlgHSiSrLG%2Fp3OMLdNPMf5Tf6287VCru9A3UjpKgzidu5Rd7zsQVP8kGpuJJCH5odnCEHRZp6%2Fd%2F2YDaECpTSSSOnCJuZf4e%2FsgRXJXwa2Iqp4s71nK0YZnE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 756f5e114da4b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399
104.21.49.22302 Found 0 B URL HTTP/2 go.bvmcdn.org/request/8b72acf3-0180-452d-a648-91b1c8d95399
IP 104.21.49.22:0
GET /request/8b72acf3-0180-452d-a648-91b1c8d95399 HTTP/1.1
Host: go.bvmcdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
date: Sat, 08 Oct 2022 13:54:16 GMT
content-type: text/html; charset=utf-8
location: https://gtoonfd.com/link?z=4574935&var=b2ab689a-b0a0-4fbd-9ad4-e600fcb634cb&ymid=cd0o225ip8jklp0pt0m0
set-cookie: vrt-8b72acf3-0180-452d-a648-91b1c8d95399=1; Path=/; Max-Age=86400; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6r3lxSZuAr%2BKWyWjcFa1zRiXsAliTd9Wr9z2CRP6i6aXM1Kkp%2BWeOBLePQas4orQOQzcb05G9EXqgUFqJ0RqRiLEWhP2uM88PWASixFDzLBS8YcW1ubXD%2BCzTyoIELG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 756f5e133f7eb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/com-payments.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/com-payments.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Tue, 24 May 2022 14:42:53 GMT
etag: W/"0x8DA3D93AF09B8AB"
x-ms-request-id: 6a617490-a01e-0018-581c-dbcd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/casino/bookofdead/gb-derby.svg
108.161.188.196200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/casino/bookofdead/gb-derby.svg
IP 108.161.188.196:0
GET /no/pop/casino/bookofdead/gb-derby.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/casino/bookofdead/index.html?mktid=1:81732754:3499897-37672&btag=81732754_4BD8E8E6B0F247958757FD5D865ADE3C&bid=37672&campaignId=2750544&pid=3499897
Cookie: __ucbt=node0oewibyxmvsi1r7aawn6dzfyl2; uniattr=ST.0.T; uniattr_ref=; campaignId=2750544; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81732754_4BD8E8E6B0F247958757FD5D865ADE3C; BID=37672; PID=3499897; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750544%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2Fbookofdead%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D81732754_4BD8E8E6B0F247958757FD5D865ADE3C%26affiliateId%3D1%26pid%3D3499897%26bid%3D37672; AFFILIATE_CAMPAIGN_ID=2750544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 13:54:19 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Rg5ggSvQeRWtE4Tg0KHTXw==
last-modified: Tue, 24 May 2022 14:42:55 GMT
etag: W/"0x8DA3D93B032A3B0"
x-ms-request-id: 3bf2c74a-b01e-002b-591c-db92ce000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2