firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gdZgTToHx-mPVVq9vvRZDix_cP_gemwSJL0MiZqASmB2kLLxFOFjoA==
Age: 16893
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eabb7d9ffae717f7305d63c057755470
3b7f0baccfdbb8d9ffefa4a2215d4d6094be454a
ab48f17e54075e1ecf034278e82bcacd2e3689773186cc84fba9b79aac907294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3128
Expires: Wed, 05 Oct 2022 21:21:00 GMT
Date: Wed, 05 Oct 2022 20:28:52 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zz2i-tReZCvwCcoDPL6j0nSAQNhq5oAA7qbon5a_NSPhZz5cYnU6Pw==
age: 59180
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 20:28:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mkkuei4kdsz.com/334/106.html
200 OK 329 B URL HTTP/1.1 mkkuei4kdsz.com/334/106.html
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /334/106.html HTTP/1.1
Host: mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 05 Oct 2022 20:28:52 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10445436
expires: Mon, 25 Sep 2023 20:28:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofaH%2F%2BQMJQYrUafU%2FH0uw6CcuVYwsolyi7Huh5vN8FJOLnZ7o%2BzstIM0chWK6AZF89SpacziDJpnE3LSXnuMg8na90EBteBryZE%2BOu7I%2F%2FViocYXrAGsKXlzlSbZPT4DsoSWMSVQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7558e7fb4cf50b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 5f1270fc1a11a7ab21f3853910950105
bf92eed1097e47f7ee0271cbd086263c17f8b241
48c9fd056bd8a1309ec1f4bfb4b0735d23b656b04fe649ad0a25257c895b7e4d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "48C9FD056BD8A1309EC1F4BFB4B0735D23B656B04FE649AD0A25257C895B7E4D"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5286
Expires: Wed, 05 Oct 2022 21:56:58 GMT
Date: Wed, 05 Oct 2022 20:28:52 GMT
Connection: keep-alive
domaincntrol.com/?orighost=http://mkkuei4kdsz.com/334/106.html
200 OK 28 B URL HTTP/2 domaincntrol.com/?orighost=http://mkkuei4kdsz.com/334/106.html
IP
File type ASCII text, with no line terminators
Hash 7aae16ed70d2e07943585bbb1cd02b55
3209123510c034e6e38ca45edf14307f1375a8f5
51bfb53a70df6adc48f0670be59a16a657ab5a2bafc176973a32d5c36a4fc5d3
GET /?orighost=http://mkkuei4kdsz.com/334/106.html HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:52 GMT
content-type: text/javascript;charset=UTF-8
content-length: 28
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZB%2FcGeLjEJmk4oqM0mauKF%2BILtCFAQnvkW2cgfOYlZ8NTPHJjC0ifhjqIdl%2FhOa6nrtHiOjavdfe5z9Xf69UDdSO1eGTXoaYnYtEIw0dlWJgrXQm9CS5lCjdpeaoDkfTTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e7fbf9501c0a-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 05 Oct 2022 19:32:19 GMT
Expires: Wed, 05 Oct 2022 19:38:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sEDQ1u_GJUmNZAEolw5EvYejj31z4OAosTDdCe8MFsObGWuaDiYepQ==
Age: 3393
ocsp.digicert.com/
200 OK 471 B IP
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1079
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:52 GMT
Last-Modified: Wed, 05 Oct 2022 20:10:53 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZB2HMJl4lI1E4KdWLSHaHg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: byjw/Zv/OkDCoiwi3a7dTLwGpzI=
ww2.mkkuei4kdsz.com/
200 OK 1.3 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (700)
Hash 574f81135475173938099f756804bc83
3aa1943e3bec28f07a6c725c52c34f2417160fb0
262c2457d62c0fde884c5401a75792f06dcab60b4fa68ac8b36e3f134f8ad9c3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Wed, 05 Oct 2022 20:28:54 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RlGSCujrTwIV09ewwdBk8PiCOXknsvjzonXp/BabLYsbM4wWv0k1teTkRJynKg7Y1QeTz1UsnxJZ/TvhfinDdA==
last-modified: Wed, 05 Oct 2022 20:28:52 GMT
x-cache-miss-from: parking-69b897b95b-xx927
server: NginX
content-encoding: gzip
img.sedoparking.com/images/js_preloader.gif
200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 20:28:54 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Wed, 12 Oct 2022 20:28:54 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: cb6505f1f9eb117644870bb1dedb0470
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww2.mkkuei4kdsz.com/search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2NTAwMTczNGY3Mzk4YTRmYTc3ZTQwYjA5OTJkMTU0YzUxM2Y5ZDc1&crc=2e35b80b0725d80aad45d5135c0d812b8be80cd1&cv=1
200 OK 0 B URL HTTP/1.1 ww2.mkkuei4kdsz.com/search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2NTAwMTczNGY3Mzk4YTRmYTc3ZTQwYjA5OTJkMTU0YzUxM2Y5ZDc1&crc=2e35b80b0725d80aad45d5135c0d812b8be80cd1&cv=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY2NTAwMTczNGY3Mzk4YTRmYTc3ZTQwYjA5OTJkMTU0YzUxM2Y5ZDc1&crc=2e35b80b0725d80aad45d5135c0d812b8be80cd1&cv=1 HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
HTTP/1.1 200 OK
date: Wed, 05 Oct 2022 20:28:54 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-69b897b95b-g4w4f
server: NginX
ww2.mkkuei4kdsz.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D
302 Found 0 B URL HTTP/1.1 ww2.mkkuei4kdsz.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Wed, 05 Oct 2022 20:28:54 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Wed, 05 Oct 2022 20:28:54 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D
x-cache-miss-from: parking-69b897b95b-jm4r7
server: NginX
ww2.mkkuei4kdsz.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D
302 Found 311 B URL HTTP/1.1 ww2.mkkuei4kdsz.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash afe093977b1927dd262f1344937e2153
7abe9574eb1e1bae078b747c7da044694174c4a9
f322d7c554422adb758eeab2c72aec2f022fd68b7f45364d7d239cb8554c2c3b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DXaka63zyCj0_0&v=MTAyODJlZWUzNTVlYTAyZWQ4YWU0NWUyYjBhYTUzZmYJMQl3dzIubWtrdWVpNGtkc3ouY29tNjMzZGU5MDRkMmU5ZDMuNDMzNDcxODAJd3cyLm1ra3VlaTRrZHN6LmNvbTYzM2RlOTA0ZDJlYzE5LjY5MzA3MDkxCTE2NjUwMDE3MzQJYWRfNjNfMA==&l=OAk4NDk0NDYyMjQwZmI0NTM0MzgyYTEyMDJiNTJmMzQ1OQkwCTM1CTAJNzc4N2RhYTQ3YTVmYmViYWM3NThkNGE4MzRkMTIxYmMJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NjUwMDE3MzQJMC4wMDAxODIJTgkwCTEJMTgwNQkxMjA1CTE5NDA0MzE0Mgk5MS45MC40Mi4xNTQJMA%3D%3D HTTP/1.1
Host: ww2.mkkuei4kdsz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Wed, 05 Oct 2022 20:28:54 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Wed, 05 Oct 2022 20:28:54 GMT
location: http://xml.sedodna.com/click?i=Xaka63zyCj0_0
x-cache-miss-from: parking-69b897b95b-58q52
server: NginX
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13469
Expires: Thu, 06 Oct 2022 00:13:23 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13469
Expires: Thu, 06 Oct 2022 00:13:23 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13469
Expires: Thu, 06 Oct 2022 00:13:23 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13469
Expires: Thu, 06 Oct 2022 00:13:23 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13469
Expires: Thu, 06 Oct 2022 00:13:23 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 81911
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 58965
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42ab91a02aa34dbcc6d56e75fd0d7fc5
32a3ebb440b3d770c446bef75c39ce788ffeb034
397373a17846231eb149c3a207574b79c5ca6c7832ffd48da9c8f1e8e0aa9f69
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13615
x-amzn-requestid: 3aaef924-99ea-407a-acc6-ec7d294952a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHG_GDcoAMFfuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a522c-488613591ddf46181bdded50;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2EtPbSkffJVkwiA3hlDRimFxjNmd2FXv4vwcQZ2aYBsiF4ApXgHrLQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:40:34 GMT
age: 56900
etag: "32a3ebb440b3d770c446bef75c39ce788ffeb034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 229c99cfb655a8c9f1a22de69fdff73c
6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 81121
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 56147
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 81929
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xml.sedodna.com/click?i=Xaka63zyCj0_0
302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=Xaka63zyCj0_0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=Xaka63zyCj0_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://vatcalf.com/nnv8s9q3s?auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU&key=c8aa99f83b13fe6df17d2274f579c699&ap=${AUCTION_PRICE}&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&
Pragma: no-cache
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4b00a1f07c10e641fb3288c3115cacc3
2895a8d387715200e7afc73b549d2e916fdce550
0ebfc1208ad91ba16d589a3323301412edc0a60e9ef30896a60ee5bd64483b80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0EBFC1208AD91BA16D589A3323301412EDC0A60E9EF30896A60EE5BD64483B80"
Last-Modified: Wed, 05 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19024
Expires: Thu, 06 Oct 2022 01:45:58 GMT
Date: Wed, 05 Oct 2022 20:28:54 GMT
Connection: keep-alive
vatcalf.com/nnv8s9q3s?auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU&key=c8aa99f83b13fe6df17d2274f579c699&ap=${AUCTION_PRICE}&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&
200 OK 3.0 kB URL HTTP/1.1 vatcalf.com/nnv8s9q3s?auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU&key=c8aa99f83b13fe6df17d2274f579c699&ap=${AUCTION_PRICE}&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (585)
Hash bb8a8e6d20fe128951f9bc64c65bc131
baeb337325e3a4e87c35adfb6e404e675c3567cb
8a302180c704355253b96c948102ad23cea72e8da51f3478e29949a2ae8e799b
Analyzer Verdict Alert quad9 Sinkholed
GET /nnv8s9q3s?auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU&key=c8aa99f83b13fe6df17d2274f579c699&ap=${AUCTION_PRICE}&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de& HTTP/1.1
Host: vatcalf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 05 Oct 2022 20:28:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17196958; expires=Thu, 06 Oct 2022 20:28:54 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE5Njk1OCwiayI6ImM4YWE5OWY4M2IxM2ZlNmRmMTdkMjI3NGY1NzljNjk5Iiwic2lkIjoiMzkzNTkxXzI0MDkzNF80ODIyNzgiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE4NDQxNTksInBpZCI6MTU0MDQ0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMzLCJhaWQiOjI4LCJwdCI6OCwicGsiOiJubnY4czlxM3MiLCJ0IjoxfSwicGIiOnsicmVwIjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8iLCJpZiI6dHJ1ZSwibmMiOmZhbHNlLCJuaiI6ZmFsc2UsImluIjpmYWxzZSwidHAiOjEsIm5hIjpmYWxzZX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3cyLm1ra3VlaTRrZHN6LmNvbS8ifX0.6NXHcW8o-Wv-SPhpNvh8nhOY1zrzrryq1vs9HB9flMU; expires=Wed, 05 Oct 2022 20:29:54 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2676500e869812393f468ae54e0df4fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vatcalf.com/nnv8s9q3s?pst=1665001794&rmtc=t&uuid=&pii=&in=false&refer=http%3A%2F%2Fww2.mkkuei4kdsz.com%2F&key=c8aa99f83b13fe6df17d2274f579c699&ap=%24%7BAUCTION_PRICE%7D&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&shu=d8305791def9e853947a88421286766001052ff968ebc04b45f103167493a0e6467a3c31cacd6221f6bda2f65651fc18acf8007522a10a1fc3076ac359d564455c808d24448bc13ed68b6b733a1196533443ca12&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002&auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU
302 Found 0 B URL HTTP/1.1 vatcalf.com/nnv8s9q3s?pst=1665001794&rmtc=t&uuid=&pii=&in=false&refer=http%3A%2F%2Fww2.mkkuei4kdsz.com%2F&key=c8aa99f83b13fe6df17d2274f579c699&ap=%24%7BAUCTION_PRICE%7D&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&shu=d8305791def9e853947a88421286766001052ff968ebc04b45f103167493a0e6467a3c31cacd6221f6bda2f65651fc18acf8007522a10a1fc3076ac359d564455c808d24448bc13ed68b6b733a1196533443ca12&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002&auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /nnv8s9q3s?pst=1665001794&rmtc=t&uuid=&pii=&in=false&refer=http%3A%2F%2Fww2.mkkuei4kdsz.com%2F&key=c8aa99f83b13fe6df17d2274f579c699&ap=%24%7BAUCTION_PRICE%7D&l=3577992&sub3=1665001733&pid=154044&auid=df365a312fbc3db2dd5118e3e839b7de&shu=d8305791def9e853947a88421286766001052ff968ebc04b45f103167493a0e6467a3c31cacd6221f6bda2f65651fc18acf8007522a10a1fc3076ac359d564455c808d24448bc13ed68b6b733a1196533443ca12&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002&auie=eyJhbGciOiJIUzI1NiJ9.eyJ1YSI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJwcyI6IjM5MzU5MV8yNDA5MzRfNDgyMjc4IiwiYWkiOiJkZjM2NWEzMTJmYmMzZGIyZGQ1MTE4ZTNlODM5YjdkZSIsImJpZCI6MC4wMDA0Nzk5OTk5OTk5OTk5OTk5NiwiYyI6MC44LCJsIjozNTc3OTkyLCJlYW4iOi0xLCJzIjoiZjVjN2NiZDFmN2U1Yjc1NjI5ZWQwNDc2ZTc1YWI3MDc2NGM2MDYzNzliMTcyYWU3OGVjMDI5MDE0MzVmNWU3NThmNjY3YTRhMmYxMzI2ZDVhNjJlYTBhNzdkMDY3M2MzMGM4YTMxNWVmNWJkMjE2Yzg4YWE1ZCIsImV0IjoiMTY2NTAwMjMzMyJ9.JakHF_JNr5gC6LHSFWgqdttGE7CXwX-DLE0S05B0JJU HTTP/1.1
Host: vatcalf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vatcalf.com/nnv8s9q3s?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17196958
Cookie: u_pl=17196958; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzE5Njk1OCwiayI6ImM4YWE5OWY4M2IxM2ZlNmRmMTdkMjI3NGY1NzljNjk5Iiwic2lkIjoiMzkzNTkxXzI0MDkzNF80ODIyNzgiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE4NDQxNTksInBpZCI6MTU0MDQ0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMzLCJhaWQiOjI4LCJwdCI6OCwicGsiOiJubnY4czlxM3MiLCJ0IjoxfSwicGIiOnsicmVwIjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8iLCJpZiI6dHJ1ZSwibmMiOmZhbHNlLCJuaiI6ZmFsc2UsImluIjpmYWxzZSwidHAiOjEsIm5hIjpmYWxzZX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3cyLm1ra3VlaTRrZHN6LmNvbS8ifX0.6NXHcW8o-Wv-SPhpNvh8nhOY1zrzrryq1vs9HB9flMU; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.9
Date: Wed, 05 Oct 2022 20:28:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17196958
Set-Cookie: pdhtkv=true; expires=Thu, 06 Oct 2022 20:28:55 GMT
uncs=1; expires=Thu, 06 Oct 2022 20:28:55 GMT
pdhtkv28=true; expires=Thu, 06 Oct 2022 20:28:55 GMT
uncs28=1; expires=Thu, 06 Oct 2022 20:28:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dbe90ea1b184e799c87b61c05ab0127a
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17196958
301 Moved Permanently 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17196958
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17196958 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vatcalf.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 05 Oct 2022 20:28:55 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 05 Oct 2022 20:28:55 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 05-Oct-3021 20:28:55 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=52
X-Firefox-Spdy: h2
no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950
301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vatcalf.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 20:28:55 GMT
content-length: 0
location: https://no.unibet.com:443/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950
set-cookie: JSESSIONID=node0anuh56ez4g3kslve106ajjt11417218.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0anuh56ez4g3kslve106ajjt11; Path=/; Domain=.unibet.com; Expires=Fri, 04-Oct-2024 20:28:55 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Fri, 04-Oct-2024 20:28:55 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://vatcalf.com/"; Path=/; Domain=.unibet.com; Expires=Fri, 04-Oct-2024 20:28:55 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Wed, 05-Oct-2022 20:29:10 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
PID=86075577; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fvatcalf.com%2F; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Wed, 05-Oct-2022 20:29:10 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=39061804; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Wed, 05-Oct-2022 20:29:10 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=no.unibet.com; Path=/; SameSite=None; Secure
referer: https://vatcalf.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 05 Oct 2022 20:28:55 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
no.unibet.com/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950
301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&sref=ADST&ADST=17196958&affiliateId=1&pid=86075577&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vatcalf.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 20:28:55 GMT
content-length: 0
location: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 05 Oct 2022 20:28:55 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
200 OK 638 B IP
ASN #20940 Akamai International B.V.
Hash d5eed7997eba07389a66194a1ec7858b
63ed78a63e36ad33f0e4840f199a7198eed7e949
f50b24a0b96101c4ffff5009e3af5d49795bf946257c8036640ccebe3155582c
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Wed, 05 Oct 2022 20:28:56 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a1s.unibet.com/orval/tracking/lastclick.min.js
304 Not Modified 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 304 Not Modified
date: Wed, 05 Oct 2022 20:28:56 GMT
etag: "705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 08:20:49 GMT
expires: Mon, 02 Oct 2023 08:20:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 302887
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/app-sports-icon.svg
200 OK 10 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/app-sports-icon.svg
IP
Hash b844562c5b63e28457a1c91ec071b4e1
34264b3e7d7ef2cb31628c6660ecb8f3d5b9e499
0f6d075834aa5d2db0248d9c874d4b98a8ba5f62313b3249781ec7f8851ea96d
GET /no/pop/multisport/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B682FA1D49"
x-ms-request-id: 6ba89fea-201e-0006-23f8-d821bd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/unibet-logo.svg
200 OK 1.6 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/unibet-logo.svg
IP
Hash 3f1b7f727823aa061ca34d50871ae6b8
30e1ce6ff8d8459cbde0d9b0f3f8c72579d62c11
1592f17fd6d9d4159ec95fb5f3b26793c0781503b2e439eb0ed2fb1d94310cf9
GET /no/pop/multisport/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 20 Jun 2022 12:15:01 GMT
etag: W/"0x8DA52B6805B919A"
x-ms-request-id: 4ec8c3a3-901e-0071-74f8-d8f429000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/utv-logo.svg
200 OK 487 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/utv-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 7dc0370eaac6b8cb1850400f9773f5a6
cfa8f43cd0700b23da43f7917c2aa28cf7abf15b
705944c52396cb0fa8a1911d3789e04608247bc7907893c502d5f489a8be8f17
GET /no/pop/multisport/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 20 Jun 2022 12:15:01 GMT
etag: W/"0x8DA52B680312C74"
x-ms-request-id: df6c3eed-101e-0022-6bf8-d8d71d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
200 OK 103 kB URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP
Size 103 kB (102825 bytes)
Hash 9d1647ce54f4b215d3bba74860ee7d7d
65d59fef4edde483f85ed3433de9b11d44adbd68
808535ba491f7232980fe20ec739d34a5b9f961754a509ee2fa7954d8c5b2ede
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: bc897d69-e01e-006b-3bf8-d895f6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/Unibet_Pro_2020.woff2
200 OK 11 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/Unibet_Pro_2020.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /no/pop/multisport/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: font/woff2
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 20 Jun 2022 12:15:05 GMT
etag: "0x8DA52B682E2A11A"
x-ms-request-id: 79c868a9-601e-005a-7cf8-d874e5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/no/pop/multisport/google-play-ro.svg
200 OK 77 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/google-play-ro.svg
IP
Hash ff267dc874c409ecbba57341be258314
71c6cc9f8c3a2a7205b949d7191e03d2dc9e5b3b
30711ed8f9c6304a6c35d4d2b037df3757fc7f91e72b06bebc7a446c9382f8d7
GET /no/pop/multisport/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68307D6EA"
x-ms-request-id: 59f41150-101e-0050-4bf8-d8d052000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/app-store-ro.svg
200 OK 5.5 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/app-store-ro.svg
IP
Hash 87db53b76d873d57e150c9951c7fb93d
88b3b4b89d1406862d19c240623c410a542423aa
dec1d4af6282251387fc40eff4a03c645546eb2628cab305c22fc2fd70e7236c
GET /no/pop/multisport/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68300D310"
x-ms-request-id: ccef97a8-d01e-002d-40f8-d8a171000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-expert.svg
200 OK 16 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-expert.svg
IP
Hash e68203a44eece910755e5c27ffcbb442
768d56c4ec1d4091f5d041bd9d85e165f9ff942a
b7907e94f747d2968411fb62126bc3644902e1fba5e001e3d3aa7ef3716d1273
GET /no/pop/multisport/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B6820929CB"
x-ms-request-id: 3de0f78e-b01e-0059-47f8-d89581000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/com-payments.svg
200 OK 28 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/com-payments.svg
IP
Hash 7b4491cf7cd62b447f90b1f9aef2a4ac
c93e72b356800fedaad051704610abf4175f4b7b
973977379e35cfc0c71b663ad302a44068aa57a1608fd6f1e8466366fa51f481
GET /no/pop/multisport/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 20 Jun 2022 12:15:02 GMT
etag: W/"0x8DA52B680877D2F"
x-ms-request-id: cceb40a3-d01e-002d-0ff7-d8a171000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-sports.svg
200 OK 16 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-sports.svg
IP
Hash b1514dd1ab7c585fd8a44a77d5a9f8b6
adb87bee4aa7d716cd9f16b5146462041b80e6a4
621de587e9df4d85ca22cb4070e26e4aa5076c8b4b08e53b5887c47c6136678e
GET /no/pop/multisport/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B682395A83"
x-ms-request-id: c8e3e183-701e-001b-47f8-d82c01000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
200 OK 80 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
File type ASCII text, with very long lines (62112)
Hash 8f94842909fe687deece52d110666c66
77eb0ccffa737881b7b55769da06588c0146e30d
54d89b6775bb672616923a2939ff8f8984b842a552634a619a5faf8ab48bf918
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Oct 2022 20:28:56 GMT
expires: Wed, 05 Oct 2022 20:28:56 GMT
cache-control: private, max-age=900
last-modified: Wed, 05 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79486
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 14abd2aa622a0b3ba503c59896605468
52e77d9707d170eddd54d4992a3cdf737755ce6c
4be2b33d74fdbbc01e1e1ef6cbf28f338b00ca9863932351c2762f71eaa7a5cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2004
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Last-Modified: Wed, 05 Oct 2022 19:55:32 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665001736563
200 OK 499 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665001736563
IP
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 9c98b8365b91f7661b7b638808c54545
4c8563d044adeb82114c89c67d1c1d384d97e5e0
4a2bce1539050858b37ab3231dadef9b64878a86bff56728757e21a06ecd00d3
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1665001736563 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v044-0722c3202.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=66775230678604378033904530147044591399; Max-Age=15552000; Expires=Mon, 03 Apr 2023 20:28:56 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: VbbOWmIQTLs=
Content-Length: 499
Connection: keep-alive
welcome.unibet.com/no/pop/multisport/favicon.ico
200 OK 421 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/favicon.ico
IP
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /no/pop/multisport/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=BLP.1.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19271%7CvVersion%7C4.4.0; sessionPageNumber=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/x-icon
content-length: 421
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 20 Jun 2022 12:15:00 GMT
etag: "0x8DA52B67FC5A91F"
x-ms-request-id: 8f36d79b-c01e-0031-4cf7-d8f311000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 05 Oct 2022 20:28:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 6907a676-a2fa-40db-8d87-5e095d807d62
Set-Cookie: uuid2=6053012524832698398; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 03-Jan-2023 20:28:56 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 471 B IP
Hash b87f4e769aeb0d6bb57196969fec4484
293b63a31b703c2e8ba3047bf68137332a4f9b20
cb9d93268a85929c088eff56b4fe23d40bb8eb7f854058f05fba81182d1c48ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4981
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 20:28:56 GMT
Last-Modified: Wed, 05 Oct 2022 19:05:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
script.crazyegg.com/pages/scripts/0012/9242.js?462500
200 OK 2.1 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?462500
IP
Hash de9cffa5bfc345170188ff1ed1082828
ef1568b8d66f62047d7ce05a5d2bbe5d0510c2fa
d853a4a7f5586699c2888bb9177386d3b0718e9160afcc4d62c9fdfd60b4d8de
GET /pages/scripts/0012/9242.js?462500 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=5675
last-modified: Wed, 05 Oct 2022 14:48:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 20406
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e816e90d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 5 Oct 2022 20:28:57 GMT
DCS: dcs-prod-irl1-2-v044-0c22dc413.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:47:43 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: gYOu9XMeSQg=
Content-Length: 2791
Connection: keep-alive
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
200 OK 1.5 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP
File type JSON data\012- , ASCII text, with very long lines (4015), with no line terminators
Hash ef244c9089eb6794166e6805c569bde6
d5cad4ff393009d7f47227b8e80f47f7ab30d9eb
b4b05a644b21aa95aeb03790312f6d6ff0d7013a987e07c0b1881079d4900662
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: application/json
content-length: 1541
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 05 Oct 2022 14:48:51 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 20406
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e8193c020b55-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 05 Oct 2022 20:28:57 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 2fbc9e0b-747b-4002-b580-394b88ddeb32
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2C$OfsxAJ!]tbP6j2F-XstGt!@DNz$cCAP; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 03-Jan-2023 20:28:57 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s67098905557279?AQB=1&ndh=1&pf=1&t=5%2F9%2F2022%2020%3A28%3A57%203%200&mid=66759159496457069283900504911570729660&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&r=https%3A%2F%2Fvatcalf.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Amultisport%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A28%20PM%7CWednesday&v6=8%3A28%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1665001737&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A86075577-37950&v122=NONE&v124=2750545&v125=127656177_C7A5A18A734F4983B1372728AA4D7EFF&v126=86075577&v127=37950&v134=1665001736&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s67098905557279?AQB=1&ndh=1&pf=1&t=5%2F9%2F2022%2020%3A28%3A57%203%200&mid=66759159496457069283900504911570729660&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&r=https%3A%2F%2Fvatcalf.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Amultisport%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A28%20PM%7CWednesday&v6=8%3A28%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1665001737&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A86075577-37950&v122=NONE&v124=2750545&v125=127656177_C7A5A18A734F4983B1372728AA4D7EFF&v126=86075577&v127=37950&v134=1665001736&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s67098905557279?AQB=1&ndh=1&pf=1&t=5%2F9%2F2022%2020%3A28%3A57%203%200&mid=66759159496457069283900504911570729660&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&r=https%3A%2F%2Fvatcalf.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A86075577-37950%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26bid%3D37950%26campaignId%3D2750545%26pid%3D86075577&v1=welcome.unibet.com%3A%3A%3Adesktop%3Ano%3Apop%3Amultisport%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A28%20PM%7CWednesday&v6=8%3A28%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1665001737&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A86075577-37950&v122=NONE&v124=2750545&v125=127656177_C7A5A18A734F4983B1372728AA4D7EFF&v126=86075577&v127=37950&v134=1665001736&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 05 Oct 2022 20:28:57 GMT
expires: Tue, 04 Oct 2022 20:28:57 GMT
last-modified: Thu, 06 Oct 2022 20:28:57 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3575564004653563904-4619842941944809495
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/gambling-commission.png
301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/gambling-commission.png
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/multisport/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
www.unibet.com/
301 Moved Permanently 162 B IP
ASN #47171 Unibet Services Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=BLP.1.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19271%7CMCMID%7C66759159496457069283900504911570729660%7CMCAAMLH-1665606536%7C6%7CMCAAMB-1665606536%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665008937s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.4.0; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; s_cc=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: text/html
content-length: 162
location: https://no.unibet.com/
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
set-cookie: clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c80499e3ccd937651c4d56769e245c5e
b5b4b80c63b6c1459f9d127d1cb76502dc64c85b
fd7a20166e3f2062babd11638e75ba6af15e1c577674a006831fcd2930095638
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 20:28:57 GMT
Last-Modified: Wed, 05 Oct 2022 19:01:07 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G8lMbRp8FJVbsoF4gfUk03inwGSy3JB9ITp7perSL95d6k2cUOS6lg==
Age: 5271
script.crazyegg.com/pages/versioned/common-scripts/a18bb0e21d11a839b7adb013c92ee611.js
200 OK 31 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/a18bb0e21d11a839b7adb013c92ee611.js
IP
File type ASCII text, with very long lines (25693)
Hash 808307a563c85e0dfd92013e623629ef
b60dddd640cd7c15a7d1f05cdaa3013bf45bb418
e62a9c719cb453d732f91ccce15329f2fdfecf8d46d57a46f9998649268c5977
GET /pages/versioned/common-scripts/a18bb0e21d11a839b7adb013c92ee611.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: text/javascript
content-length: 30751
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Sat, 17 Sep 2022 06:58:49 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 25128
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e81a6d2d0b55-OSL
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=66775230678604378033904530147044591399
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=66775230678604378033904530147044591399
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=66775230678604378033904530147044591399 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Wed, 05 Oct 2022 20:28:57 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Yz3pCQAAALbqRQNx; Domain=.everesttech.net; Expires=Thu, 05-Oct-2023 20:28:57 GMT; Path=/
everest_session_v2=Yz3pCQAAALbqRgNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Yz3pCQAAALbqRQNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v044-0d2a58cc0.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=13470612674287561791516134587447077554; Max-Age=15552000; Expires=Mon, 03 Apr 2023 20:28:57 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: h4uaJT7aR4o=
Content-Length: 0
Connection: keep-alive
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=462500
200 OK 144 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=462500
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 9de66552da1076716e4e029ab8e82c90
8bc9ffe87870244040ee35b4684c7b9d360c766e
6e119e3dedbc5da18771ccbc87b56f5c78cb3728c17e5a51b9aa4d281fdb45bb
GET /pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=462500 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: application/json
content-length: 144
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 05 Oct 2022 14:48:50 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 20407
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e81addb40b55-OSL
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3pCQAAALbqRQNx
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3pCQAAALbqRQNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v044-0965afbdc.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: UQOE152QQ5o=
Content-Length: 59
Connection: keep-alive
pagestates-tracking.crazyegg.com/healthcheck
200 OK 19 B URL HTTP/2 pagestates-tracking.crazyegg.com/healthcheck
IP
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: pagestates-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Thu, 14 Jul 2022 06:23:23 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3z26GV3ZjD7JGUC47WlqRxPPUzEwE7zcRnnyQaCN9By_wJZluSMgdg==
age: 7221935
X-Firefox-Spdy: h2
no.unibet.com/
200 OK 12 kB IP
ASN #47171 Unibet Services Limited
Hash 55ee3dc81872415f3546430497311f57
6d32909ea37b323f281773eb2512684d285dd0bd
a4b8a47efd2e88feefb50f6b2df15fb42c80ef6530bb5d599a85a9cea2ce3090
GET / HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=BLP.1.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545; clientId=polopoly_desktop; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19271%7CMCMID%7C66759159496457069283900504911570729660%7CMCAAMLH-1665606536%7C6%7CMCAAMB-1665606536%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665008937s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.4.0; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; s_cc=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=10
expires: Wed, 05 Oct 2022 20:28:57 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2d98ab5f28548ab5ab9ab5f00f3bf6d5
d97f977fc8e47e092904455770b3618f8456bc0a
267e6fe17439e320415cf82e8b4ed395a40d5c0fe25f8e6188312b550f510d25
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 20:28:57 GMT
Last-Modified: Wed, 05 Oct 2022 18:40:37 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RAjFyR9HPw0kSkH6uZfUlL14iBEotxf3OJRyf_ocELnjs2cA0vVf-g==
Age: 6500
tracking.crazyegg.com/clock?t=1665001737503
200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1665001737503
IP
File type ASCII text, with no line terminators
Hash cc8c4e67e228d17522c149520c3ed467
ec103ef94f950427cf2d91a631d3180b5cbed38a
924c8551bc9f8e684c4161ed0d1dcfae972f1ca0c7076b67ce88f7a87f2800be
GET /clock?t=1665001737503 HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Wed, 05 Oct 2022 20:28:57 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: 91a6cde2-b01e-002b-4396-d892ce000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: text/css
x-amz-id-2: kIWUcp4/gRprxrhG4Bo7YL49QfCfoJzgcb+lBni7kDeALpU6YcOHbXZK3Ce3+VKgInDBPr7yuoA=
x-amz-request-id: GQJ6HHGYZ6JW9X6Q
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 29739963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Q3NVKBFycWHXGIud1Tv%2BR0HJBHwMYa1QBAp2jXbZOKoMhu1%2FhUGYaLXX5ObLHG98DoSohvH0k9HBsCb4XZHu%2BS4nSjL9QeruP8lel3zSGONrPjq8Xy3djLsZ2gZAB5smmdFD3AM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7558e8135d6a773e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/1-main.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/1-main.js
IP
GET /no/pop/multisport/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68343779E"
x-ms-request-id: 772cf52b-001e-003e-59f8-d8857d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 20:28:56 GMT
date: Wed, 05 Oct 2022 20:28:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
IP
GET /no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vatcalf.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: NGkNgKvE41ztpclvs1gdSA==
last-modified: Mon, 20 Jun 2022 12:15:00 GMT
etag: W/"0x8DA52B67FA63ED8"
x-ms-request-id: 369c4ecc-d01e-0012-6ef7-d869d2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/1-styles.css
200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/1-styles.css
IP
GET /no/pop/multisport/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 20 Jun 2022 12:15:00 GMT
etag: W/"0x8DA52B67FB09D8F"
x-ms-request-id: de0f3e6f-201e-0039-12f8-d8e91e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/read_json.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/read_json.js
IP
GET /no/pop/multisport/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B6834CEC1B"
x-ms-request-id: 6e02051c-201e-005b-30f8-d82b39000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=5675
last-modified: Wed, 05 Oct 2022 14:48:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 20406
vary: Accept-Encoding
server: cloudflare
cf-ray: 7558e816e9060b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-trust.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-trust.svg
IP
GET /no/pop/multisport/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:86075577-37950&btag=127656177_C7A5A18A734F4983B1372728AA4D7EFF&bid=37950&campaignId=2750545&pid=86075577
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86075577%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1665001735667)%5c%2f%22%2c%22CookieTag%22%3a%223795086075577451240919C20221052028%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228189492719%7c1%22%7d%5d; __ucbt=node0anuh56ez4g3kslve106ajjt11; uniattr=ST.0.T; uniattr_ref="https://vatcalf.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_C7A5A18A734F4983B1372728AA4D7EFF; BID=37950; PID=86075577; REFERER=https%3A%2F%2Fvatcalf.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7A5A18A734F4983B1372728AA4D7EFF%26sref%3DADST%26ADST%3D17196958%26affiliateId%3D1%26pid%3D86075577%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 20:28:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B68201D7DE"
x-ms-request-id: 772d4048-001e-003e-34f8-d8857d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
64.225.91.73
93.184.220.29
64.190.63.136
85.184.96.5
54.76.252.170
15.236.176.210
104.19.148.8
23.36.77.32