Overview

URL8.us.findthewnd.xyz/feed/?link=true&tid=8&subid=8k.us&ref=www.onemortrk.pics&s1=63892f2c2e4ef244422a0edd
IP 23.235.251.114 (United States)
ASN#19437 SS-ASH
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-01 22:48:43 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts No alerts detected
Tags None

Domain Summary (36)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
s.optnx.com (2) 20469 No data No data 95.211.229.248
eu.dspsuper.com (3) 0 2022-07-25 15:13:19 UTC 2022-12-01 20:56:59 UTC 139.45.195.207 Unknown ranking
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-12-01 17:28:41 UTC 142.250.74.106
unibet.demdex.net (1) 338024 2018-06-24 06:21:19 UTC 2019-11-02 03:04:11 UTC 176.34.205.255
r3.o.lencr.org (10) 344 No data No data 23.36.77.32
samba.trffclb.com (3) 0 2022-09-30 11:20:25 UTC 2022-12-01 15:40:24 UTC 51.83.143.92 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-01 17:12:49 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.237.51.86
ps.popcash.net (2) 67692 No data No data 3.228.63.1
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
unibetlondonltd.d3.sc.omtrdc.net (2) 444877 2017-01-29 21:05:05 UTC 2022-12-01 17:58:27 UTC 15.236.176.210
ocsp.digicert.com (5) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
8.us.findthewnd.xyz (1) 0 2022-08-03 12:58:08 UTC 2022-11-28 12:39:20 UTC 23.235.251.114 Unknown ranking
a1s-cdn.unibet.com (1) 283505 2014-04-23 15:07:51 UTC 2020-04-04 05:20:05 UTC 85.184.96.5
a1s.unibet.com (1) 297625 2018-08-24 02:07:57 UTC 2020-04-28 05:20:01 UTC 85.184.96.5
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
www.unibet.nu (2) 0 2022-11-04 11:13:23 UTC 2022-12-01 17:58:24 UTC 85.184.96.0 Unknown ranking
secure.adnxs.com (2) 396 2012-05-22 16:37:37 UTC 2020-03-11 07:38:04 UTC 37.252.173.215
adserving.unibet.com (1) 98000 2015-05-26 06:56:53 UTC 2020-04-28 07:38:51 UTC 95.101.10.153
ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-12-01 21:19:58 UTC 142.250.74.10
adeumssp.com (1) 0 2022-06-08 13:33:59 UTC 2022-12-01 12:14:33 UTC 157.90.90.249 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-01 17:14:08 UTC 34.102.187.140
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.165
cm.everesttech.net (1) 996 2018-09-03 07:40:22 UTC 2020-04-29 11:27:39 UTC 99.80.65.0
mono.trffcsource.com (1) 180746 2021-09-13 15:04:31 UTC 2022-11-30 08:02:22 UTC 51.83.143.92
eu.can-get-so.me (1) 0 No data No data 157.90.33.71 Unknown ranking
welcome.unibet.nu (17) 0 No data No data 104.18.25.188 Unknown ranking
ocsp.pki.goog (5) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-12-01 18:48:44 UTC 172.217.21.168
dpm.demdex.net (3) 204 2018-07-06 04:53:56 UTC 2020-04-29 23:04:31 UTC 52.18.105.217
ocsp.sectigo.com (2) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
curvyalpaca.cc (2) 0 2022-07-25 12:37:57 UTC 2022-12-01 20:21:21 UTC 157.90.88.166 Unknown ranking
use.fontawesome.com (1) 942 2018-09-18 10:26:26 UTC 2020-03-18 00:09:30 UTC 172.64.133.15
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-12-01 22:08:56 UTC 142.250.74.35 Domain (gstatic.com) ranked at: 540
redir.tealwinds.xyz (1) 0 2022-07-28 05:22:11 UTC 2022-12-01 19:21:32 UTC 198.211.113.186 Domain (tealwinds.xyz) ranked at: 178693
popcash.net (1) 11104 2017-07-19 16:41:38 UTC 2022-12-01 18:29:32 UTC 172.67.194.203

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-01 2 ps.popcash.net/go/134600/317194 Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-01 2 trffclb.com Sinkholed
2022-12-01 2 trffclb.com Sinkholed
2022-12-01 2 trffclb.com Sinkholed
2022-12-01 2 dspsuper.com Sinkholed
2022-12-01 2 dspsuper.com Sinkholed
2022-12-01 2 dspsuper.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 23.235.251.114
Date UQ / IDS / BL URL IP
2023-01-25 06:47:03 +0000 0 - 0 - 1 21.us.tealwinds.xyz/feed/?link=true&tid=21&su (...) 23.235.251.114
2023-01-19 15:47:03 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114
2023-01-15 22:17:10 +0000 0 - 0 - 1 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114
2023-01-14 10:55:41 +0000 0 - 2 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-01-13 16:57:17 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114


Last 5 reports on ASN: SS-ASH
Date UQ / IDS / BL URL IP
2023-01-25 06:47:03 +0000 0 - 0 - 1 21.us.tealwinds.xyz/feed/?link=true&tid=21&su (...) 23.235.251.114
2023-01-19 15:47:03 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114
2023-01-15 22:17:10 +0000 0 - 0 - 1 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114
2023-01-14 10:55:41 +0000 0 - 2 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-01-13 16:57:17 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114


Last 5 reports on domain: findthewnd.xyz
Date UQ / IDS / BL URL IP
2023-01-07 13:30:31 +0000 0 - 2 - 4 22.us.findthewnd.xyz/feed/?link=true&tid=22&s (...) 23.235.251.114
2022-12-29 08:58:09 +0000 0 - 0 - 3 22.us.findthewnd.xyz/feed/?link=true&tid=22&s (...) 23.235.251.114
2022-12-25 04:52:14 +0000 0 - 0 - 4 22.us.findthewnd.xyz/feed/?link=true&tid=22&s (...) 23.235.251.114
2022-12-23 00:58:30 +0000 0 - 0 - 3 22.us.findthewnd.xyz/feed/?link=true&tid=22&s (...) 23.235.251.114
2022-12-22 18:48:23 +0000 0 - 0 - 3 22.us.findthewnd.xyz/feed/?link=true&tid=22&s (...) 23.235.251.114


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-02 15:54:23 +0000 0 - 0 - 1 tgtggb.7d3df.zl.wy5532.com/ 199.115.115.102
2022-12-02 13:58:24 +0000 0 - 0 - 5 imranbataev.blogspot.com/2022/09/player-that- (...) 172.217.21.161
2022-12-02 13:45:13 +0000 0 - 0 - 1 hfgfgf.48324.gw.wy5532.com/ 37.48.65.150
2022-12-02 11:29:51 +0000 0 - 0 - 5 get.myboek.xyz/fr-517684339/une-femme-livre-g (...) 172.67.128.71
2022-12-02 10:59:27 +0000 0 - 0 - 5 eu.lnslagging.click/ro/i14s22/telekom/ 207.154.225.165

JavaScript

Executed Scripts (29)

Executed Evals (9)
#1 JavaScript::Eval (size: 60) - SHA256: 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f
(function() {
    return visitor.getMarketingCloudVisitorID()
})();
#2 JavaScript::Eval (size: 55) - SHA256: 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282
(function() {
    return visitor.getAnalyticsVisitorID()
})();
#3 JavaScript::Eval (size: 54) - SHA256: fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81
(function() {
    return screen.width + "x" + screen.height
})();
#4 JavaScript::Eval (size: 71) - SHA256: dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb
(function() {
    return Math.round((new Date).getTime() / 1E3).toString()
})();
#5 JavaScript::Eval (size: 61) - SHA256: 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c
(function() {
    return window.functions.timeParting("n", "0")
})();
#6 JavaScript::Eval (size: 88) - SHA256: 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62
(function() {
    return "LP:" + BF_prop.LandingPageName.toString().replace(/:/ig, "").trim()
})();
#7 JavaScript::Eval (size: 135) - SHA256: fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed
(function() {
    if (window.innerHeight) return window.innerHeight;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetHeight
})();
#8 JavaScript::Eval (size: 132) - SHA256: 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168
(function() {
    if (window.innerWidth) return window.innerWidth;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetWidth
})();
#9 JavaScript::Eval (size: 62) - SHA256: adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42
(function() {
    return window.functions.getPageNameOldEvar1()
})();

Executed Writes (1)
#1 JavaScript::Write (size: 50) - SHA256: a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449
< script src = "/widget/betslip/betslip.js" > < /script>


HTTP Transactions (88)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7587
Expires: Fri, 02 Dec 2022 00:54:59 GMT
Date: Thu, 01 Dec 2022 22:48:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1009
Cache-Control: max-age=129569
Date: Thu, 01 Dec 2022 22:48:32 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:48:01 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 22:19:49 GMT
cache-control: public,max-age=3600
age: 1723
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2460
Expires: Thu, 01 Dec 2022 23:29:32 GMT
Date: Thu, 01 Dec 2022 22:48:32 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: /U/jcuiUHGhiLRihDPGIBS0a0KO+0sjdgzQA9jol0SmWlgvNpIPmc7m4uNP/bSyXW5U8h8sSbjQ=
x-amz-request-id: ZD20RXBY1YXYSP21
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 22:46:28 GMT
age: 124
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /feed/?link=true&tid=8&subid=8k.us&ref=www.onemortrk.pics&s1=63892f2c2e4ef244422a0edd HTTP/1.1 
Host: 8.us.findthewnd.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=8&subid=8k.us
Date: Thu, 01 Dec 2022 22:48:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 01 Dec 2022 22:48:32 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 22:08:56 GMT
cache-control: public,max-age=3600
age: 2376
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A17DF4AC67D897AE2972A5920A51BF2747EF31372DED3462E7A675859E7613F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6458
Expires: Fri, 02 Dec 2022 00:36:11 GMT
Date: Thu, 01 Dec 2022 22:48:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1038
Cache-Control: max-age=124534
Date: Thu, 01 Dec 2022 22:48:33 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:24:07 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /click/invalid/?tid=8&subid=8k.us HTTP/1.1 
Host: redir.tealwinds.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://mono.trffcsource.com/z.php?p=c:9qopki6xxt24fkzm4&d=620239e89b29133e2933cceb&s=8
Vary: Accept
Content-Length: 234
Date: Thu, 01 Dec 2022 22:48:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   234
Md5:    ec5db86b65bb94d1ae856c7ef84ada1e
Sha1:   14cb402b710327b35e5e2cc315cf3e9b18718223
Sha256: 682fdb61228205f6ff34d48ee6229e0ab0f086f9c7c6ec2d53b812c9fff3aa57
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11447
Expires: Fri, 02 Dec 2022 01:59:20 GMT
Date: Thu, 01 Dec 2022 22:48:33 GMT
Connection: keep-alive

                                        
                                            GET /z.php?p=c:9qopki6xxt24fkzm4&d=620239e89b29133e2933cceb&s=8 HTTP/1.1 
Host: mono.trffcsource.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:33 GMT
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 25d
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_8

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: X/DfAmlmklfcjQwu/xchXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         44.237.51.86
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y/zeBsH6QpMMqshvzF2/I+3XEOg=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11447
Expires: Fri, 02 Dec 2022 01:59:20 GMT
Date: Thu, 01 Dec 2022 22:48:33 GMT
Connection: keep-alive

                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_8 HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63892f419971b84bdd30e181; expires=Sun, 04-Dec-2022 22:48:33 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (538)
Size:   491
Md5:    bbf5c16161f1c7fb963192079edbc07f
Sha1:   e1504575ac1c497f8ae90cb02eeb2db9907a1d2b
Sha256: 03c32ba99e77652cae4d0a53673c970585b855cf772a1078acdec8f9fcf0333f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_8&bv=1 HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_8
Cookie: bt-603611c5b7eaf46891533240=63892f419971b84bdd30e181
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:33 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6072
Cache-Control: max-age=107241
Date: Thu, 01 Dec 2022 22:48:33 GMT
Etag: "63881772-117"
Expires: Sat, 03 Dec 2022 04:35:54 GMT
Last-Modified: Thu, 01 Dec 2022 02:54:42 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /world/go/134600/317194 HTTP/1.1 
Host: popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         172.67.194.203
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
date: Thu, 01 Dec 2022 22:48:33 GMT
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDO5renT%2BDj41tjod1yxqCY0qSFsieVtG81u%2FUfhRd95t2monFTh%2BQl9UNAG0CAtryK31q0NH7MJwXIuS5RqmxtW6McAfP%2BlMQNsiEib0eYO8ybSyi1Q5xw59T8q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772f5efa5ca20b61-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /go/134600/317194 HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         3.228.63.1
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Date: Thu, 01 Dec 2022 22:48:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   272
Md5:    a085154b1319e89acd2bf9d233963199
Sha1:   4e0b392b00408e7d04236a4c78f008113bd87ed1
Sha256: 6170346bda0acbaa4f4435a1580ebe302198d6425c87ed1b75827bc768a6460a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /ad/ad?p=134600&w=317194&t=66afb63e753c247e&r=&vw=1280&vh=0 HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1

search
                                         3.228.63.1
HTTP/1.1 303 See Other
                                        
Date: Thu, 01 Dec 2022 22:48:34 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10075
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 22:48:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10075
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 22:48:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10075
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 22:48:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10075
Expires: Fri, 02 Dec 2022 01:36:29 GMT
Date: Thu, 01 Dec 2022 22:48:34 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3711
x-amzn-requestid: 68772438-16c4-40ab-a40e-860425d8301c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGyhHVsIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e76-21d27db6708228002e738938;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JOCSKxy4WUDbS22Gd9BlyN1gmcDsDNlNWnT57KITGlNwfOe_Iaco9g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:59 GMT
age: 3575
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3711
Md5:    89e1a735e16f55c78fa75ae434294029
Sha1:   6c56f4015305eff04a99cec9758cd40bf4e5f704
Sha256: 26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:08:56 GMT
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
age: 2378
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7591
Md5:    d147ccb10bda82b153a596c3c967cd6a
Sha1:   ffd0763f997e71a8c1458523fc17cafe8849dfdf
Sha256: 1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NQ21d2_5JO2Ym-LEnDecub9bK6wUyvM2zUf_XpfMGag83fVWlMjT8w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:09 GMT
age: 3505
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10270
Md5:    4c7113338bc3310b13d23ca415c177e2
Sha1:   2cb4edc6b161c6d2d5b47aa498ae54e677966466
Sha256: 3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
age: 3421
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11402
Md5:    1c80b8025242ddfcc816ec612456b99e
Sha1:   aa944d10fe4a44b790b01ef62edc0f85a6d558e3
Sha256: a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 4427
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 3638
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5675
Md5:    89502a302863c914b4de5e8c6a7f6846
Sha1:   898d50ac6e372609656fccee27de3d036bc0281c
Sha256: 9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:34 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 02:30:52 GMT
Expires: Thu, 08 Dec 2022 02:30:51 GMT
Etag: "8cae1a86cf5d02ce6a11fcb69b06006c0d5b348f"
Cache-Control: max-age=531136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772f5efedb6e0b55-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:35 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 14:40:43 GMT
Expires: Tue, 06 Dec 2022 14:40:42 GMT
Etag: "a68428b78d7ecbfe66ddf0bbd6b1b1cbffefa723"
Cache-Control: max-age=402126,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772f5f02aefd0b55-OSL

                                        
                                            GET /sc?a=Csxn&c=fYTqmvFHwf65FBbeuHMBBE&e=gAAAAABjiS9DK7J8RtEH6E-7Rcsb2R4rgwZ-5dALe-Y8OXvsja2uYgGYvMixbq6UqpNLWjGqnUsB1QW8w0BhF1UP4EvY-ks1v0GOYBNi6UqlnxCSAqrYKBfe1wgteiVcKSFA9PhPqDOJbzc7c2pjFCTH83_If3j6JftnYAwHDbNDShMKlPWIWvR8UbtGIYuYdnOBEZda8iBUo0xgAlX__6CO6iRKcruSpadH0jB_khi8xZvEsMlkGVxGqsti4w8CPZX3zdWPltIKWOSVDnjDmElw6ag5R77vA6nAzBYpcDT0Qzgp0QIiMQvATwqeUnQ8-vQ3pt28bYrABk5xTsF__3VxgUXM3I34xvdSYVr27x1e4o_1u0siPDi2IxDUBZGFjLNf6GQb1gvG9hMHB2zdFOPL7RhP_Y1hh3Z352_bCZzBpMAJBuzL2Pw5UbvuPZW6J6n9caTcKS-u4BV2q8RtDkuW5upHUDTkKUnDe1tIhASCQ-hOwFth6I2PUp3aaUN04xxBLwZjeDZ1Pppg2JPpAFEzRzV7Yn3ri9VhmSlvHygAmTOcU12CQpnqNzDQTc_YtW1Sxs8QN1N5KyJ3Cm7XFEQ1-AzHN_fSSKrKBakHcfBlBaIOXZzdN-da8IPEbZDeFJwHpdzObL1xdNGuqk0gzvhBqP_M4Oxw_TueAtF53v5q48URdYgDp9VNFZDr6kucNM2WLG5d1vCZ9LDTL3_p18YCkeET8YAJgRtK7nuM7AC05rfiMjpGtjGCniOZiOTCtkXv_BMIGt7kyXVUPbO_M0FxWeoiGDMmH4b1JBfVTvXDAKEwHP7CtpQZ6aiHtoQswlseca_k6mI6X9nC-xRcpbWw2yWfvbvXKWn5Uls-mDiQjm9ErUjrNId9S3pKbtILy1J03FT8hfQd0XIPjGOR-Aq-31Ts0TEv__AsWQhqlkQN79OJjg45DOBm5j3EiG_9ITEApAMa9gyVmuYomDACEigaOKjpU4iVHM6AkjKYEyI5BZ-6S0E6IJ6KglDvuV0KyP6I9S2De4f6xtnR9JTBta9VwhrpegiKDJbeqBdds5Oit6ssY9zbecomaqgPzVYj8aVdqEUbNo-Tl_fwBfTWSKJdKeCt1SnF9UwUB5d7qr8KMC_TCh5kqeCPb6v28NreeYTqIu3FKBmENhPwGVyB4Lh9z2A46Q4x_D_SLazBhiEapTkrbm2WOrrDChx0gD1MnmFJPhl24EtPW8JGiZdw4v9oEGWtCKA-mxWYMxtbTD95GCUkXZl8V2DxeSeVEaROm0Zy5hDPkS1Ss60DzUgzeiOKwE31w7EKR2WPMq3gxo5rQezDB9L94spz9ESwr-X6Z3v8zximlbcsdhjPq6SXcYv03b1c_lgks6v9b2tJRMU_yPbhrKjNrrzdxesRgJ5So4GINHbibXB8NaD_Pwd2Xb0d4tsAcw4Etwm0HkW1ri5f5Wtb0jKarQgBGP288P0ZEpZA4iNnuEXL6A8dI1Y1K8HZJcSoJL7l0dHr6Qt4GUAgYIuYwc4u1m7FWUETZjXyWoh9t358XBXA-MFCv2gLI2j9GXPIYymrfkrvpFJJL61aTaO4jZKiQJnqhHk6E-MV-w-Obep_LnVf_1qkd7pzhwrijGKaGcANIVeM5c0CjAp5VQk7jfaZGfrGaXvJdnbaMcprxnSGOBr9DT_3TGP6gGUH87vdqoV0NwCKTP_9LepuySl940556Z07BPENntjWJqWtFkJtU1QI-Goe3nBLYQm_Ykaln2r7DuV8Wt7tTG4iISGvkyGMWg1FLkmwBhOui9BkgfnKE0Nlk8Tj1CUPpq0pgEgZXs5D5aXvrOvpt76D2gzRZbpKVs7WObeiDi7bc63tI5NPB3y0-JG4mtLOexidnpIB2VrBEB76tquZqCIXQEzfTURugZyqfPMN_8GA0rtgCRvdUUIte6PDAqzU00Ofoc2pJMGaGBgO_eY7QzxpGknTMDA6BPu3uo3o-_Y1bFAfVc5FyaQhoE8ERcSmWlun4AEs7mhIIvr7750iRLzR5dWXqxZxsoArDdG7BJkgnL_3be7X4Q_4yVMsCW1UhT03vfE_REsMw5olwyKu88QPCu_1UcuLOZjkH81ex14jpo3q-tpf0GHFka25-4jIM_tvng2Q8OrrzbrgBqgX5PVo8sfLN8SHSrbTB-AIo2agggVqUZ8VJ9kvpN23-f820Dl5kggodLYT_HckGNQFx2yd8lHaMHEao1HoujHeCTvutAa4OHZ-XLR8JXFm3ZWWTM-q0QtV5ed4YHc5on3ivowUSLrpZrfAXNY=&f=0 HTTP/1.1 
Host: curvyalpaca.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjiS9CyTox5XdCdMEsS4bfElulGa1IxNawxIel1juY6lTieURM6O_Q2bAkxKW19oum-77Htwu0eVRX5Smn9urOLwHaKkCJebV3e-cQYjRyZoMi2eTnxa6omk8ApPfu-FEpZPKPFB2H9sw1XHMYA-RQxevVm2t5yBMWP4lCpI_1DuET4nMqJE4h40Sk3yhwjVOALBKLteT9TLHLVo0Vjpb7sv3auCP_AL4hrveiahlOW731Ai98MYLf7V0EZ37TjdH9HUsMznGZcOgWMWS8X6fLBHTHupkznNuUao194hHNPIwfposY23ANw4U1Gov6GMPSVBn-EmV9Vi9452tU6wAEBPE2Fl6JeBbENrg0ivynZ1LPUns0kbrRkomOwHLUGTjeUT_MsJ-pHFRUne3OWX7D7X29lelaM3UJ3Zpk4dDX0gVNGK2ZQnl9ubiahPOgsCy2BrAeZlrqWNvAbbKnowNK19_H-UK5IfWhuYUVd4Ijf79L8-9ygzwGmuXKJVOs2bRn8qXSXOienpgaX4buNgxhi65FQcAASliv8YcyoT5mrqHUo9pIfFRsPc3BBD4EsuQemIvYdJAVctbn6jNzUhFeeBcLp6mGo6w8U5ORrwejjpYlPv8nS_ZEeSOgxCp5uqtMYgzSYrQrzwQ1qyb7jwQFo5-G-qZY-HA-4Cgkjb5MXgfpTT_vTVxWYoM9T4B06T5ELv372TXajhVhC64lbEVK8MOdMffrhNB_kVzlJuvARcNMNK1SJX9sAAMbmZ7u3q7ev7t_OUjwuWxZwQe85GU-xyqPaANp3b4bIM2XnUFAXuOJvIuwlzb7l5vtJYicHFvmNjLLydR0x3rHWo6G8oKIThcI1Aj4pCCRDMemX2CKZEXJKU_SRd18ktbPuTi8C7YNvCRFXmF7DyngzQ4FItWB_JqmSNVBy4me4KxBeLBLmhUCluyRKPDokxcttaw-CI40nNU-B2ukpwpGuWP2pJCknHkkZaHD597HeH_d3GsmoeA1kTeWJDxPArmYc8EetqWymP3femoWRZ3YGHmZDxLBLYVNLv6XYzjmT-HP4XIWklJDCSpr27D6DtJ3aUQqLWAnZ3wKPXdBfy-44wIpbhueQcEtgq-GFZpa6Py0pcQOuKxyenOVgNTtwuE9HhtIKI-DyGngebvKev_DEU_wSWDeMgTw8oYAVJUR5V_uaUOsTm4A0AmEmj_g_1YsZbsiUw82rtggYOdhpJ_j_y-8RmByYycM-UcyWHinP-o9j_ZcIWN2ACCORf7atk2Y3TbOKvB2yVfnr5db7aMyLfP85fTncXTo4n7O9JDq7Px8GR-OuvAWVhW3gshjzF6gK9HcgctZg0ccWNu1L1hByQUMqQ6avfDh2mhKnnYBrvoMiyIHH9VWoPWJkfc2QDW5gc_xp6vifAKCMYKvedNzBuXSKJ_RHGaHOdwGBzl-X14rtJctQJRA6WnTQcesv_uMzuimkvmdNfPPz0CdFskA4iBhCyp_d48NdXgWcScvA4LSBx2datKQKjZb4xaktuC0p-PGcth5V0qEpFhohXkzBVY8fpTXhwPEw-J09pcbvjqgJwZR61M5jROfyYaCUwsdPhI4HmucrKCqcgjKC5simxGfyBEOQrIUppKuA3-7PB6-E3GAsnm5e-kmSiQg-ftoI10Gp6TRFVBzrJaOF5bbAefEqUCCf3hYTcXPlWkrmxMxpiYyuokgijW1Ktel2utgpv78s6BT8dmWU-Q8d6MVpdXPHBQnOUBsFOXaTfKcvd334ExY6b04Q59KQL23z3x9IQWthyvogVF6QGCwnhFwmXbrNU6uozBDAVoME0mc8NyHHYVJi5bYrN1oK_XbUd-PbVcVaPcWbDmHyFLsHvqFJlGHV2VGIEzPEi0wlGSVggLecuMBLTfHkVNbFVL3b_56URPQdHDPLHrmS79mKZLbwmWJQ0f3WdZHMG18PLWw4TxI3oP5ONrGQBWKsLJ54n0RsppzojSJcQXxBhVY93HkHyQR-w0dd7Xugk6WO7j7O1vXWQZfSoDqWswQlFKEkevZafAKi4F_DLX5CWqO2pJoDWKzdAiG4hjKz6my2qDlCQfH4D9g2lrNuH_bHFULAm8IoQHlYIz1Ths9wil0ZccXbH2QoVQuFDkc2tFduVLvPGHnu67qqjBdIiGj8bSZtsJkHLjA93BiQMKV6acERgDUAacej9DxyYw5ScEr21hCUzyv_26z2YN419wGyvX9Xf6TdmQpcNurTuXoOpN5jeonlw1TxL-d2BxA1RiCgbZxdTqVkGuBWm4-2Wo%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         157.90.88.166
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.1
date: Thu, 01 Dec 2022 22:48:35 GMT
content-length: 848
location: http://s.optnx.com/cimp.php?data=TVRZMk9Ua3pORGt4Tkh3MlkyWmxaR0kzWVRFMU1tWmxOMkZtT1RsaVlqTTNaVE5oT0RkbFl6bGhZZy0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD0yM2M5ZDJkNy03MjFmLTRiOGMtYTE0NS04Y2ZkYTk4OGM3ODkmdHM9MTY2OTkzNDkxNCZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDM2Ljc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHw4Njk5MTQ1MTN8MTllMGEzZDNlOTU0Zjg5MTBkZGQ3ZDIwYjExYzk1ZWV8MXwwfHBzLnBvcGNhc2gubmV0fDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDMxNDMyNDJ8LTF8MnwzMTQzMjQ0fHx8MnwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMHx8T0t8NWZlOGVkNmUzODUyZjM2OTUzZGZhMzFlNWRhZjRhM2Y-
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (846)
Size:   848
Md5:    524301c1279a8a74a089a959c32b5ebf
Sha1:   24981aa1d448845dc1ab515aa114002d6ea43dd9
Sha256: 7d9d8b835fa760101db90080e09f49452f9d1ef70003d8e103a7a6e1d6078be3
                                        
                                            GET /cimp.php?data=TVRZMk9Ua3pORGt4Tkh3MlkyWmxaR0kzWVRFMU1tWmxOMkZtT1RsaVlqTTNaVE5oT0RkbFl6bGhZZy0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD0yM2M5ZDJkNy03MjFmLTRiOGMtYTE0NS04Y2ZkYTk4OGM3ODkmdHM9MTY2OTkzNDkxNCZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDM2Ljc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHw4Njk5MTQ1MTN8MTllMGEzZDNlOTU0Zjg5MTBkZGQ3ZDIwYjExYzk1ZWV8MXwwfHBzLnBvcGNhc2gubmV0fDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDMxNDMyNDJ8LTF8MnwzMTQzMjQ0fHx8MnwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMHx8T0t8NWZlOGVkNmUzODUyZjM2OTUzZGZhMzFlNWRhZjRhM2Y- HTTP/1.1 
Host: s.optnx.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263892f4335b579.78048339622431039%22%3B%7D; expires=Sat, 30 Nov 2024 22:48:35 GMT; path=; domain=.optnx.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1473)
Size:   1076
Md5:    094674e260be0a087ac6a0ee64554fc4
Sha1:   d5346dfed24b617e7bda162828196b3c378eaff0
Sha256: a5531730b896129d5fc8933238bee1341af3f3e537e5741c115a618095035936
                                        
                                            GET /cimp.php?data=TVRZMk9Ua3pORGt4Tkh3MlkyWmxaR0kzWVRFMU1tWmxOMkZtT1RsaVlqTTNaVE5oT0RkbFl6bGhZZy0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD0yM2M5ZDJkNy03MjFmLTRiOGMtYTE0NS04Y2ZkYTk4OGM3ODkmdHM9MTY2OTkzNDkxNCZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDM2Ljc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHw4Njk5MTQ1MTN8MTllMGEzZDNlOTU0Zjg5MTBkZGQ3ZDIwYjExYzk1ZWV8MXwwfHBzLnBvcGNhc2gubmV0fDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDMxNDMyNDJ8LTF8MnwzMTQzMjQ0fHx8MnwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMHx8T0t8NWZlOGVkNmUzODUyZjM2OTUzZGZhMzFlNWRhZjRhM2Y-&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0 HTTP/1.1 
Host: s.optnx.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.optnx.com/cimp.php?data=TVRZMk9Ua3pORGt4Tkh3MlkyWmxaR0kzWVRFMU1tWmxOMkZtT1RsaVlqTTNaVE5oT0RkbFl6bGhZZy0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD0yM2M5ZDJkNy03MjFmLTRiOGMtYTE0NS04Y2ZkYTk4OGM3ODkmdHM9MTY2OTkzNDkxNCZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDM2Ljc1fDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8ODR8MnwwfHw4Njk5MTQ1MTN8MTllMGEzZDNlOTU0Zjg5MTBkZGQ3ZDIwYjExYzk1ZWV8MXwwfHBzLnBvcGNhc2gubmV0fDB8MHwwfDAuMDJ8MXwwfGV4Y2hhbmdlX2xpbmt8MHwwfDMxNDMyNDJ8LTF8MnwzMTQzMjQ0fHx8MnwxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMHx8T0t8NWZlOGVkNmUzODUyZjM2OTUzZGZhMzFlNWRhZjRhM2Y-
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263892f4335b579.78048339622431039%22%3B%7D
Upgrade-Insecure-Requests: 1

search
                                         95.211.229.248
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263892f4335b579.78048339622431039%22%3B%7D; expires=Sat, 30 Nov 2024 22:48:35 GMT; path=; domain=.optnx.com;
Location: http://eu.dspsuper.com/api/submit_form_request?p=23c9d2d7-721f-4b8c-a145-8cfda988c789&ts=1669934914&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
X-Robots-Tag: noindex, follow

                                        
                                            GET /api/submit_form_request?p=23c9d2d7-721f-4b8c-a145-8cfda988c789&ts=1669934914&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0- HTTP/1.1 
Host: eu.dspsuper.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://s.optnx.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         139.45.195.207
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4632)
Size:   5582
Md5:    edb1afc02dbae3632763d988856c9bd7
Sha1:   7f14b62e4e739232f0714ea79bff9d778f467c5b
Sha256: 3931b44c4b236239d0a07f58b2d74355fcea0901512ac561bddefdb6051c8d1d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /api/win_request?ad_scheme=1&p=23c9d2d7-721f-4b8c-a145-8cfda988c789&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3D23c9d2d7-721f-4b8c-a145-8cfda988c789%26ts%3D1669934914%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100 HTTP/1.1 
Host: eu.dspsuper.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4807670&feedId=746
Upgrade-Insecure-Requests: 1

search
                                         139.45.195.207
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:35 GMT
Content-Length: 175
Connection: keep-alive
Location: https://eu.can-get-so.me/pr?ids=olrhgwlawcd&hash=68a4c229262b2c3f&ext_req_id=622314745894539264&subid1=4807670&cost=0.001050
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   175
Md5:    47b12a96cf4f50450a7acccedc6e5283
Sha1:   7ffa758d031b89f1e13f0e8ada822075efb01c70
Sha256: ce52196ee92077f6f8e28b78d399328b9a3555d73d3ba287f3b48f849c11afab

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F87B6CB959C0FC2BE5586F2C31861725A8B20175FDA3A8EA1DDBD937E63E364F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20751
Expires: Fri, 02 Dec 2022 04:34:26 GMT
Date: Thu, 01 Dec 2022 22:48:35 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: eu.dspsuper.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4807670&feedId=746

search
                                         139.45.195.207
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Thu, 01 Dec 2022 22:48:35 GMT
Content-Length: 19
Connection: keep-alive
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   19
Md5:    595e88012a6521aae3e12cbebe76eb9e
Sha1:   da3968197e7bf67aa45a77515b52ba2710c5fc34
Sha256: b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pr?ids=olrhgwlawcd&hash=68a4c229262b2c3f&ext_req_id=622314745894539264&subid1=4807670&cost=0.001050 HTTP/1.1 
Host: eu.can-get-so.me
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://eu.dspsuper.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         157.90.33.71
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 01 Dec 2022 22:48:35 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=715734
set-cookie: rauid=tHgP9rQGSZ-xschU_PoTyA; expires=Fri, 01 Dec 2023 22:48:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=715734 HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         95.101.10.153
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&sref=RLA&RLA=715734&affiliateId=1&pid=86804727&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Thu, 01 Dec 2022 22:48:35 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 01 Dec 2022 22:48:35 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86804727%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669934915719)%5c%2f%22%2c%22CookieTag%22%3a%223795086804727451240919C20221212248%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228507220974%7c1%22%7d%5d; domain=.unibet.com; expires=Sat, 01-Dec-3021 22:48:35 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=53, cdn-cache; desc=MISS
X-Firefox-Spdy: h2

                                        
                                            GET /stan/campaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&sref=RLA&RLA=715734&affiliateId=1&pid=86804727&bid=37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Thu, 01 Dec 2022 22:48:35 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&sref=RLA&RLA=715734&affiliateId=1&pid=86804727&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320669583%3A86804727-37950
set-cookie: JSESSIONID=node0qlpirp4oqxkm6fm551izg0q51391760.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node0qlpirp4oqxkm6fm551izg0q51; Path=/; Domain=.unibet.nu; Expires=Sat, 30-Nov-2024 22:48:35 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Sat, 30-Nov-2024 22:48:35 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Sat, 30-Nov-2024 22:48:35 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Dec-2022 22:48:50 GMT; Max-Age=15; Secure; SameSite=None affiliateId=1; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37950; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None PID=86804727; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Dec-2022 22:48:50 GMT; Max-Age=15; Secure; SameSite=None campaignId=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=58224; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Dec-2022 22:48:50 GMT; Max-Age=15; Secure; SameSite=None clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Dec 2022 22:48:35 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&sref=RLA&RLA=715734&affiliateId=1&pid=86804727&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320669583%3A86804727-37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Thu, 01 Dec 2022 22:48:35 GMT
content-length: 0
location: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Dec 2022 22:48:35 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2106
Cache-Control: max-age=133511
Date: Thu, 01 Dec 2022 22:48:35 GMT
Etag: "63888d91-116"
Expires: Sat, 03 Dec 2022 11:53:46 GMT
Last-Modified: Thu, 01 Dec 2022 11:18:41 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1 
Host: a1s-cdn.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   956
Md5:    fd48e87ecd4d06d9c5df490b91dc813e
Sha1:   a65a437db44444634e4f41732c590c1d14433b3f
Sha256: 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/utv-logo.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EC5A693D"
x-ms-request-id: a2fad51d-401e-003f-082e-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca5c0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Size:   741
Md5:    c856b1e5d262dce1625cc82557387759
Sha1:   0485d5cbc1e7a46b00b93ed37ff9fe0af2894a7b
Sha256: e676f68aa38661c5bcefe018b835a92d26aa524328fe675f309b8b5cbaee2cd5
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /custom.js HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: 126f410e-701e-000b-2310-f9e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 194822
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca4d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2527
Md5:    0b4cf1c86cf6d3daf9cbce2d18e11b15
Sha1:   1194a5ba2d6eddbe135aa89d348a3317c9011fe7
Sha256: f39cb044ef31f557918993246496266081bc7103024fbd7c0429e4b0e5e6c3f7
                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         85.184.96.5
HTTP/2 304 Not Modified
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
etag: "705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 11:09:22 GMT
expires: Wed, 29 Nov 2023 11:09:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 214754
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-casino.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: u/57C1Al21ESpXtbDs6sbw==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDEFC297"
x-ms-request-id: 65dca035-e01e-0026-142e-035a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca620b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2084), with no line terminators
Size:   1007
Md5:    3b54ffc69e87666c0a3d4598f0302d79
Sha1:   2450954a6ed966929be65cca5e4d0676350fcf7b
Sha256: bd8740f48b7ddfad57d44e0362b252593c604c2beb09ac86b848f1d59a768e6b
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-trust.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDF69F62"
x-ms-request-id: 7fc6adee-f01e-0067-3e2e-0302fe000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca5d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Size:   609
Md5:    c19db933d97ae4412ebba7b7dc3531f3
Sha1:   1900249909d93ced1f65d75e4096e953fcaf99b2
Sha256: dd67268f24947f5f0a57430ad9d0579307d2d80ecd9bb5bc91f7f9febe58c486
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/1-background-black.jpg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/1-styles.css
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
content-length: 530095
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: xYlVAKiG8X/5NE4Ngv5uyQ==
etag: "0x8DAD144EC3BE92B"
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 050ee1fe-201e-0016-392e-03e4d5000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 292486
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0c0b560b49-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1800x936, components 3\012- data
Size:   530095
Md5:    c5895500a886f17ff9344e0d82fe6ec9
Sha1:   3c47606c692fc53da28e541e8b191a777d77cefd
Sha256: ac6895cf3959a7cd8b23f9d1f7eed70af8d6fc1cdf27de416ef6120d13fea88e
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/Unibet_Pro_2020.woff2 HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/1-styles.css
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: application/font-woff2
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 28 Nov 2022 13:32:01 GMT
etag: "0x8DAD144EEBD06F1"
x-ms-request-id: 1e7868bd-101e-0032-3d2e-031275000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292487
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0c3b760b49-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size:   10924
Md5:    0ea5bcff84ae44840b6e9c9d12c8b963
Sha1:   6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
Sha256: b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/gb-when-the-fun-stops.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: aKFt6UnI1NUrF+upCSAbIA==
last-modified: Mon, 28 Nov 2022 13:31:59 GMT
etag: W/"0x8DAD144ED1D9CEE"
x-ms-request-id: e9b0b4f7-401e-005d-682e-031886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0ada780b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   80100
Md5:    ca940e4bf036bdc894b9a933edd8c09f
Sha1:   297e6f56287b87b90beaab5e62dd7499c60c5a22
Sha256: 1304e1fabfcf1899fc7a55185e4de1115e22479df40708c981916cdcf4051dc8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /releases/v5.7.1/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.133.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
x-amz-id-2: BTwL7dWf0q+Mv7N/dh7iT0PRbEDxamXFdvhCLtH8t5qudZu/vhgM01fzuSkejSlbFsNDa/Mvc6o=
x-amz-request-id: N1H88TMA9YCZMSHV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 292481
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wy%2BGEnA%2F9qEh31w1WwG8ioEmObVz7zOid62haeSNxBmzBRbQXKJXTwfnAChRdgVw%2Fukf2B9zyRakKm0yD18YFSTlBiR%2FX%2BOcHoBI7zlNBlJEwRwlS5R%2F%2B3EW%2BKIQHUVWQ5AIki0C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772f5f0b3daa7314-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (54456), with no line terminators
Size:   12319
Md5:    3dc97317c282789f11b777e2a055c8b7
Sha1:   b13b504326f969c3f63ab101e2614c08f77c444a
Sha256: fab613c73c675f7a447b09c55dd159c4b4fd58763bb2ca7dcf3f8f055d6e8b68
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/com-payments.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 28 Nov 2022 13:31:58 GMT
etag: W/"0x8DAD144ECAF33B2"
x-ms-request-id: 9c6ff72a-a01e-0018-0d2e-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca640b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   25812
Md5:    f829eacdbb2f240ec27fd1d14c794cef
Sha1:   18eef28b2dc686cf4fecdcc94fb731c6132bbad4
Sha256: ae8d53820c51bc974363f0ba95abcf3fc6004328c61819ce16022eb05ab43f89
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Roboto:300,400,500 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 22:48:36 GMT
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1116
Md5:    43cee634c3abec70bd7dd9fa6ec4edcb
Sha1:   52f0fdeb1d615a827abf84eefcd5c41e458f4bbd
Sha256: 31dfd7cd98c50a4700e13873f84b3becccf937571e9ff4a45517fb6635eab0ef
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.35
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 98082
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/gambling-commission.png HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 404 Not Found
content-type: application/xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
x-ms-request-id: ae138434-b01e-0066-06d6-055d22000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 249
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0beb460b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Size:   16092
Md5:    c650381805a177e242403d71ca1d8159
Sha1:   b8124646644013b47aa16b294d00bc8bda8e1581
Sha256: 9f5e618cf6f1ca543f5a6ce0ac06f1d9098c41c52d9f62a3ae53b5dd172ea2ce
                                        
                                            GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.217.21.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 22:48:36 GMT
expires: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 22:13:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80770
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62112)
Size:   80770
Md5:    fcdf348e9b51b2752a249665549b1f62
Sha1:   556513680fa176f56a636261cf02eb3ce44a07c4
Sha256: bc4a0ab40545e7cfc1d26cea5895ca0e105fc9b0b03d716dac489f74ab056aed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 22:48:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/no-payments.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 28 Nov 2022 13:31:59 GMT
etag: W/"0x8DAD144ED00071A"
x-ms-request-id: 8dc1f3cc-301e-0035-152e-037e16000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292486
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0cdbe80b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   8504
Md5:    3c689e206a17a48af17f09967d6c38be
Sha1:   e8f196c95e1dc1e503fb0193a504b6478adaad39
Sha256: cce86b1cb77ebe99fdce7ef53a6b53d155caa2e3965b0905c295a4b54c59cf1f
                                        
                                            GET /seg?add=9755599 HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         37.252.173.215
HTTP/1.1 307 Redirection
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Thu, 01 Dec 2022 22:48:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: e902558f-61fe-4e37-96b9-37845886062d
Set-Cookie: uuid2=9145369910111991439; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 01-Mar-2023 22:48:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727 HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: ALrEeXzHb5XykFNPd2FIIA==
last-modified: Mon, 28 Nov 2022 13:31:56 GMT
x-ms-request-id: f028edcd-101e-001d-3ad7-051fbe000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f08e8b20b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (569)
Size:   5940
Md5:    a59ab00ade5bb1a82076374a17bbc34c
Sha1:   068aaf28a3066546bdf7f4129b5a6009deb5a537
Sha256: fb5e4c7ae4c07ad8b64134db505a139fb237b9f6209f62dfdf0b9f412163242e
                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669934915187 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         52.18.105.217
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v045-02cc342ef.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=61790444793031731492523143941068853294; Max-Age=15552000; Expires=Tue, 30 May 2023 22:48:36 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: xiB2hLgGRDk=
Content-Length: 498
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Size:   498
Md5:    f011baaeb86846eecee01544fe83e8c6
Sha1:   7f7e5e380f691d63a7328739d3980006c6d73bb4
Sha256: 45e0257ed92cca182f5f69a724d4efff31288470342004482a626b3b5329c785
                                        
                                            GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         37.252.173.215
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.21.3
Date: Thu, 01 Dec 2022 22:48:36 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 1f6230bc-db66-44ee-848f-54cbdf6b654b
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hb7u_+k-!@wnf-Te9(>wL5L!!'?Z$_Pi*; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 01-Mar-2023 22:48:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5797
Cache-Control: max-age=123902
Date: Thu, 01 Dec 2022 22:48:37 GMT
Etag: "6388599e-1d7"
Expires: Sat, 03 Dec 2022 09:13:39 GMT
Last-Modified: Thu, 01 Dec 2022 07:37:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=61830703835297365822525059229768084917&ts=1669934915363 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         15.236.176.210
HTTP/2 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
access-control-allow-origin: https://welcome.unibet.nu
access-control-allow-credentials: true
date: Thu, 01 Dec 2022 22:48:37 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            GET /dest5.html?d_nsid=0 HTTP/1.1 
Host: unibet.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         176.34.205.255
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
date: Thu, 1 Dec 2022 22:48:37 GMT
DCS: dcs-prod-irl1-1-v045-04c35fc5e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 94UbG5XATXc=
Content-Length: 2791
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2791
Md5:    ccbdcb1e84c241950763ec4cd516cdfc
Sha1:   55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
Sha256: de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
                                        
                                            GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s34097299613976?AQB=1&ndh=1&pf=1&t=1%2F11%2F2022%2022%3A48%3A35%204%200&mid=61830703835297365822525059229768084917&aamlh=6&ce=UTF-8&pageName=LP%3ACopy%20of%202022%20-%20WC%20-%20Sports%20LP&g=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320669583%3A86804727-37950%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26bid%3D37950%26campaignId%3D2808422%26pid%3D86804727&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320669583%3A86804727-37950%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26bid%3D37950%26campaignId%3D2808422%26pid%3D86804727&v1=welcome.unibet.nu%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Afootball%3Awc%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=10%3A48%20PM%7CThursday&v6=10%3A48%20PM%7CThursday&v11=GBP&c14=New&v14=New&c16=1669934915&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669583%3A86804727-37950&v122=NONE&v124=2808422&v125=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&v126=86804727&v127=37950&v134=1669934915&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         15.236.176.210
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
access-control-allow-origin: *
date: Thu, 01 Dec 2022 22:48:37 GMT
expires: Wed, 30 Nov 2022 22:48:37 GMT
last-modified: Fri, 02 Dec 2022 22:48:37 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3586157929044049920-4619676202494553316
vary: *
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2\012- data
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 22:48:37 GMT
Etag: "6388b39e-1d7"
Last-Modified: Thu, 01 Dec 2022 22:32:38 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: r64RCUfxkjuqutB9c47-1qhj0HMw3jr8xPLe9V8eq8hTEyVmZWaq2A==
Age: 959

                                        
                                            GET /cm/dd?d_uuid=61790444793031731492523143941068853294 HTTP/1.1 
Host: cm.everesttech.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         99.80.65.0
HTTP/1.1 302
                                        
Date: Thu, 01 Dec 2022 22:48:37 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4kvRQAAAH-3swNx; Domain=.everesttech.net; Expires=Fri, 01-Dec-2023 22:48:37 GMT; Path=/ everest_session_v2=Y4kvRQAAAH-3tQNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4kvRQAAAH-3swNx
Server: AMO-cookiemap/1.1

                                        
                                            GET /ibs:dpid=411&dpuuid=Y4kvRQAAAH-3swNx HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.18.105.217
HTTP/1.1 302 Found
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0030c669c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4kvRQAAAH-3swNx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=89927281538595741732327065942099395458; Max-Age=15552000; Expires=Tue, 30 May 2023 22:48:37 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: c1UWCYuuRI0=
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4kvRQAAAH-3swNx HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.18.105.217
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-0a888e68a.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: B3liitCeS50=
Content-Length: 59
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   59
Md5:    1251cd5e5c2def4c046309375f87c1c1
Sha1:   e02d6b0c6a5c495c15985e2832e335eda8528c80
Sha256: 4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
                                        
                                            GET /click?a=Csxn&e=gAAAAABjiS9CyTox5XdCdMEsS4bfElulGa1IxNawxIel1juY6lTieURM6O_Q2bAkxKW19oum-77Htwu0eVRX5Smn9urOLwHaKkCJebV3e-cQYjRyZoMi2eTnxa6omk8ApPfu-FEpZPKPFB2H9sw1XHMYA-RQxevVm2t5yBMWP4lCpI_1DuET4nMqJE4h40Sk3yhwjVOALBKLteT9TLHLVo0Vjpb7sv3auCP_AL4hrveiahlOW731Ai98MYLf7V0EZ37TjdH9HUsMznGZcOgWMWS8X6fLBHTHupkznNuUao194hHNPIwfposY23ANw4U1Gov6GMPSVBn-EmV9Vi9452tU6wAEBPE2Fl6JeBbENrg0ivynZ1LPUns0kbrRkomOwHLUGTjeUT_MsJ-pHFRUne3OWX7D7X29lelaM3UJ3Zpk4dDX0gVNGK2ZQnl9ubiahPOgsCy2BrAeZlrqWNvAbbKnowNK19_H-UK5IfWhuYUVd4Ijf79L8-9ygzwGmuXKJVOs2bRn8qXSXOienpgaX4buNgxhi65FQcAASliv8YcyoT5mrqHUo9pIfFRsPc3BBD4EsuQemIvYdJAVctbn6jNzUhFeeBcLp6mGo6w8U5ORrwejjpYlPv8nS_ZEeSOgxCp5uqtMYgzSYrQrzwQ1qyb7jwQFo5-G-qZY-HA-4Cgkjb5MXgfpTT_vTVxWYoM9T4B06T5ELv372TXajhVhC64lbEVK8MOdMffrhNB_kVzlJuvARcNMNK1SJX9sAAMbmZ7u3q7ev7t_OUjwuWxZwQe85GU-xyqPaANp3b4bIM2XnUFAXuOJvIuwlzb7l5vtJYicHFvmNjLLydR0x3rHWo6G8oKIThcI1Aj4pCCRDMemX2CKZEXJKU_SRd18ktbPuTi8C7YNvCRFXmF7DyngzQ4FItWB_JqmSNVBy4me4KxBeLBLmhUCluyRKPDokxcttaw-CI40nNU-B2ukpwpGuWP2pJCknHkkZaHD597HeH_d3GsmoeA1kTeWJDxPArmYc8EetqWymP3femoWRZ3YGHmZDxLBLYVNLv6XYzjmT-HP4XIWklJDCSpr27D6DtJ3aUQqLWAnZ3wKPXdBfy-44wIpbhueQcEtgq-GFZpa6Py0pcQOuKxyenOVgNTtwuE9HhtIKI-DyGngebvKev_DEU_wSWDeMgTw8oYAVJUR5V_uaUOsTm4A0AmEmj_g_1YsZbsiUw82rtggYOdhpJ_j_y-8RmByYycM-UcyWHinP-o9j_ZcIWN2ACCORf7atk2Y3TbOKvB2yVfnr5db7aMyLfP85fTncXTo4n7O9JDq7Px8GR-OuvAWVhW3gshjzF6gK9HcgctZg0ccWNu1L1hByQUMqQ6avfDh2mhKnnYBrvoMiyIHH9VWoPWJkfc2QDW5gc_xp6vifAKCMYKvedNzBuXSKJ_RHGaHOdwGBzl-X14rtJctQJRA6WnTQcesv_uMzuimkvmdNfPPz0CdFskA4iBhCyp_d48NdXgWcScvA4LSBx2datKQKjZb4xaktuC0p-PGcth5V0qEpFhohXkzBVY8fpTXhwPEw-J09pcbvjqgJwZR61M5jROfyYaCUwsdPhI4HmucrKCqcgjKC5simxGfyBEOQrIUppKuA3-7PB6-E3GAsnm5e-kmSiQg-ftoI10Gp6TRFVBzrJaOF5bbAefEqUCCf3hYTcXPlWkrmxMxpiYyuokgijW1Ktel2utgpv78s6BT8dmWU-Q8d6MVpdXPHBQnOUBsFOXaTfKcvd334ExY6b04Q59KQL23z3x9IQWthyvogVF6QGCwnhFwmXbrNU6uozBDAVoME0mc8NyHHYVJi5bYrN1oK_XbUd-PbVcVaPcWbDmHyFLsHvqFJlGHV2VGIEzPEi0wlGSVggLecuMBLTfHkVNbFVL3b_56URPQdHDPLHrmS79mKZLbwmWJQ0f3WdZHMG18PLWw4TxI3oP5ONrGQBWKsLJ54n0RsppzojSJcQXxBhVY93HkHyQR-w0dd7Xugk6WO7j7O1vXWQZfSoDqWswQlFKEkevZafAKi4F_DLX5CWqO2pJoDWKzdAiG4hjKz6my2qDlCQfH4D9g2lrNuH_bHFULAm8IoQHlYIz1Ths9wil0ZccXbH2QoVQuFDkc2tFduVLvPGHnu67qqjBdIiGj8bSZtsJkHLjA93BiQMKV6acERgDUAacej9DxyYw5ScEr21hCUzyv_26z2YN419wGyvX9Xf6TdmQpcNurTuXoOpN5jeonlw1TxL-d2BxA1RiCgbZxdTqVkGuBWm4-2Wo%3D HTTP/1.1 
Host: curvyalpaca.cc
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         157.90.88.166
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.1
date: Thu, 01 Dec 2022 22:48:35 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/gambling-commission.png HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 404 Not Found
content-type: application/xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
x-ms-request-id: ae138434-b01e-0066-06d6-055d22000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 249
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca630b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/1-main.js HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: EqJ6l4cI9XyehxuJDe4EbA==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EC00E48F"
x-ms-request-id: afdbac43-801e-0030-032e-03accd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aba470b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/1-styles.css HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: lMc9drvQACpBd5pyJgR1QA==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EBD101D6"
x-ms-request-id: 48012a01-901e-0061-2e2e-033141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aba460b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/unibet-logo.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 28 Nov 2022 13:31:58 GMT
etag: W/"0x8DAD144EC848066"
x-ms-request-id: 561aba3e-701e-0079-042e-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca510b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /widget/betslip/betslip.js HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 9491108d-c01e-000e-6d20-ff3bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 133437
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0bbb160b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1 
Host: adeumssp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         157.90.90.249
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Thu, 01 Dec 2022 22:48:34 GMT
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjiS9CyTox5XdCdMEsS4bfElulGa1IxNawxIel1juY6lTieURM6O_Q2bAkxKW19oum-77Htwu0eVRX5Smn9urOLwHaKkCJebV3e-cQYjRyZoMi2eTnxa6omk8ApPfu-FEpZPKPFB2H9sw1XHMYA-RQxevVm2t5yBMWP4lCpI_1DuET4nMqJE4h40Sk3yhwjVOALBKLteT9TLHLVo0Vjpb7sv3auCP_AL4hrveiahlOW731Ai98MYLf7V0EZ37TjdH9HUsMznGZcOgWMWS8X6fLBHTHupkznNuUao194hHNPIwfposY23ANw4U1Gov6GMPSVBn-EmV9Vi9452tU6wAEBPE2Fl6JeBbENrg0ivynZ1LPUns0kbrRkomOwHLUGTjeUT_MsJ-pHFRUne3OWX7D7X29lelaM3UJ3Zpk4dDX0gVNGK2ZQnl9ubiahPOgsCy2BrAeZlrqWNvAbbKnowNK19_H-UK5IfWhuYUVd4Ijf79L8-9ygzwGmuXKJVOs2bRn8qXSXOienpgaX4buNgxhi65FQcAASliv8YcyoT5mrqHUo9pIfFRsPc3BBD4EsuQemIvYdJAVctbn6jNzUhFeeBcLp6mGo6w8U5ORrwejjpYlPv8nS_ZEeSOgxCp5uqtMYgzSYrQrzwQ1qyb7jwQFo5-G-qZY-HA-4Cgkjb5MXgfpTT_vTVxWYoM9T4B06T5ELv372TXajhVhC64lbEVK8MOdMffrhNB_kVzlJuvARcNMNK1SJX9sAAMbmZ7u3q7ev7t_OUjwuWxZwQe85GU-xyqPaANp3b4bIM2XnUFAXuOJvIuwlzb7l5vtJYicHFvmNjLLydR0x3rHWo6G8oKIThcI1Aj4pCCRDMemX2CKZEXJKU_SRd18ktbPuTi8C7YNvCRFXmF7DyngzQ4FItWB_JqmSNVBy4me4KxBeLBLmhUCluyRKPDokxcttaw-CI40nNU-B2ukpwpGuWP2pJCknHkkZaHD597HeH_d3GsmoeA1kTeWJDxPArmYc8EetqWymP3femoWRZ3YGHmZDxLBLYVNLv6XYzjmT-HP4XIWklJDCSpr27D6DtJ3aUQqLWAnZ3wKPXdBfy-44wIpbhueQcEtgq-GFZpa6Py0pcQOuKxyenOVgNTtwuE9HhtIKI-DyGngebvKev_DEU_wSWDeMgTw8oYAVJUR5V_uaUOsTm4A0AmEmj_g_1YsZbsiUw82rtggYOdhpJ_j_y-8RmByYycM-UcyWHinP-o9j_ZcIWN2ACCORf7atk2Y3TbOKvB2yVfnr5db7aMyLfP85fTncXTo4n7O9JDq7Px8GR-OuvAWVhW3gshjzF6gK9HcgctZg0ccWNu1L1hByQUMqQ6avfDh2mhKnnYBrvoMiyIHH9VWoPWJkfc2QDW5gc_xp6vifAKCMYKvedNzBuXSKJ_RHGaHOdwGBzl-X14rtJctQJRA6WnTQcesv_uMzuimkvmdNfPPz0CdFskA4iBhCyp_d48NdXgWcScvA4LSBx2datKQKjZb4xaktuC0p-PGcth5V0qEpFhohXkzBVY8fpTXhwPEw-J09pcbvjqgJwZR61M5jROfyYaCUwsdPhI4HmucrKCqcgjKC5simxGfyBEOQrIUppKuA3-7PB6-E3GAsnm5e-kmSiQg-ftoI10Gp6TRFVBzrJaOF5bbAefEqUCCf3hYTcXPlWkrmxMxpiYyuokgijW1Ktel2utgpv78s6BT8dmWU-Q8d6MVpdXPHBQnOUBsFOXaTfKcvd334ExY6b04Q59KQL23z3x9IQWthyvogVF6QGCwnhFwmXbrNU6uozBDAVoME0mc8NyHHYVJi5bYrN1oK_XbUd-PbVcVaPcWbDmHyFLsHvqFJlGHV2VGIEzPEi0wlGSVggLecuMBLTfHkVNbFVL3b_56URPQdHDPLHrmS79mKZLbwmWJQ0f3WdZHMG18PLWw4TxI3oP5ONrGQBWKsLJ54n0RsppzojSJcQXxBhVY93HkHyQR-w0dd7Xugk6WO7j7O1vXWQZfSoDqWswQlFKEkevZafAKi4F_DLX5CWqO2pJoDWKzdAiG4hjKz6my2qDlCQfH4D9g2lrNuH_bHFULAm8IoQHlYIz1Ths9wil0ZccXbH2QoVQuFDkc2tFduVLvPGHnu67qqjBdIiGj8bSZtsJkHLjA93BiQMKV6acERgDUAacej9DxyYw5ScEr21hCUzyv_26z2YN419wGyvX9Xf6TdmQpcNurTuXoOpN5jeonlw1TxL-d2BxA1RiCgbZxdTqVkGuBWm4-2Wo%3D
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-expert.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320669583:86804727-37950&btag=320669583_69CB9FDFAA404AB7AAF347F91032C2B6&bid=37950&campaignId=2808422&pid=86804727
Cookie: __ucbt=node0qlpirp4oqxkm6fm551izg0q51; uniattr=ST.0.T; uniattr_ref=; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669583_69CB9FDFAA404AB7AAF347F91032C2B6; BID=37950; PID=86804727; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669583_69CB9FDFAA404AB7AAF347F91032C2B6%26sref%3DRLA%26RLA%3D715734%26affiliateId%3D1%26pid%3D86804727%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.25.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 01 Dec 2022 22:48:36 GMT
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDFDF14E"
x-ms-request-id: 0ae8f43d-c01e-0043-522e-03f45e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 292488
vary: Accept-Encoding
server: cloudflare
cf-ray: 772f5f0aca5e0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---