Overview

URLwalter-larence.com/0e277b98-4644-4b05-8a9c-68023446725c
IP 18.193.146.82 (Germany)
ASN#16509 AMAZON-02
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-27 12:06:30 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (37)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
a1s.unibet.com (1) 297625 2018-08-24 02:07:57 UTC 2020-04-28 05:20:01 UTC 85.184.96.5
www.unibet.nu (2) 0 2022-11-04 11:13:23 UTC 2022-11-27 05:19:02 UTC 85.184.96.0 Unknown ranking
ocsp.securetrust.com (1) 18792 No data No data 23.36.79.18
a1s-cdn.unibet.com (1) 283505 2014-04-23 15:07:51 UTC 2020-04-04 05:20:05 UTC 85.184.96.5
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-27 05:29:57 UTC 34.117.237.239
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-27 06:32:27 UTC 142.250.74.168
secure.adnxs.com (2) 396 2012-05-22 16:37:37 UTC 2020-03-11 07:38:04 UTC 185.89.210.141
bannerflow-feed-builder.azurewebsites.net (1) 659103 No data No data 104.40.147.180
r3.o.lencr.org (8) 344 No data No data 23.36.77.32
my.rtmark.net (1) 9054 2017-08-22 14:11:49 UTC 2022-11-27 05:53:30 UTC 139.45.195.8
cm.everesttech.net (1) 996 2018-09-03 07:40:22 UTC 2020-04-29 11:27:39 UTC 54.229.62.148
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-27 05:29:56 UTC 34.102.187.140
enloweb.com (1) 0 2021-04-25 23:50:01 UTC 2022-11-27 09:58:36 UTC 18.197.204.109 Unknown ranking
thaudray.com (1) 44646 2021-04-01 17:13:08 UTC 2022-11-27 08:22:52 UTC 139.45.197.237
welcome.unibet.com (17) 242429 2018-08-23 11:45:31 UTC 2020-05-05 06:12:28 UTC 108.161.188.132
ocsp.pki.goog (6) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
unibet.demdex.net (1) 338024 2018-06-24 06:21:19 UTC 2019-11-02 03:04:11 UTC 3.248.121.85
assets-tracking.crazyegg.com (1) 3651 2021-10-27 14:05:49 UTC 2022-11-27 05:40:13 UTC 54.230.111.63
ocsp.digicert.com (9) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ocsp.sca1b.amazontrust.com (3) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.149.51.98
ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-11-27 07:34:18 UTC 172.217.21.170
use.fontawesome.com (2) 942 2018-09-18 10:26:26 UTC 2020-03-18 00:09:30 UTC 172.64.132.15
script.crazyegg.com (5) 1992 2015-01-07 19:40:26 UTC 2020-02-29 22:05:25 UTC 104.19.147.8
pagestates-tracking.crazyegg.com (1) 3647 2020-10-26 19:42:04 UTC 2022-11-27 05:40:13 UTC 54.230.111.22
walter-larence.com (2) 208176 2019-03-30 10:22:48 UTC 2022-11-27 07:57:31 UTC 18.193.146.82
gdasaasnt.com (2) 0 2022-09-07 12:02:23 UTC 2022-11-27 08:04:02 UTC 139.45.197.239 Unknown ranking
adserving.unibet.com (1) 98000 2015-05-26 06:56:53 UTC 2020-04-28 07:38:51 UTC 23.36.79.43
dpm.demdex.net (3) 204 2018-07-06 04:53:56 UTC 2020-04-29 23:04:31 UTC 34.248.183.179
unibetlondonltd.d3.sc.omtrdc.net (2) 444877 2017-01-29 21:05:05 UTC 2022-11-27 05:19:03 UTC 15.236.176.210
tracking.crazyegg.com (1) 3633 2020-03-10 07:15:05 UTC 2022-11-27 05:40:14 UTC 54.154.238.28
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-27 05:33:29 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
img-getpocket.cdn.mozilla.net (5) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
cdn.bannerflow.com (3) 23819 2018-07-05 19:36:13 UTC 2020-05-07 06:37:08 UTC 104.16.171.188
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
eu.can-get-so.me (1) 0 No data No data 157.90.33.73 Unknown ranking
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-27 05:34:18 UTC 142.250.74.10

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-27 2 walter-larence.com/0e277b98-4644-4b05-8a9c-68023446725c Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-27 2 gdasaasnt.com Sinkholed
2022-11-27 2 gdasaasnt.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.193.146.82
Date UQ / IDS / BL URL IP
2023-01-30 00:10:45 +0000 0 - 0 - 12 bl.trackham.com/f9908105-7257-45be-97c0-99904 (...) 18.193.146.82
2023-01-29 23:21:37 +0000 0 - 0 - 5 track.mbstrk.com/5e481755-7c5e-4e00-abb3-7114 (...) 18.193.146.82
2023-01-29 20:55:53 +0000 0 - 0 - 1 walter-larence.com/029b2beb-3f1e-463e-890c-69 (...) 18.193.146.82
2023-01-29 20:16:49 +0000 0 - 1 - 4 walter-larence.com/f8a03dbb-3f25-4006-b387-0a (...) 18.193.146.82
2023-01-29 19:06:15 +0000 0 - 0 - 1 walter-larence.com/ffcefbf5-6845-4a5c-8806-9b (...) 18.193.146.82


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-01-30 01:13:48 +0000 0 - 0 - 2 www.dcarchangels.com/sr.-adv.---h.-dyewr.html 76.223.105.230
2023-01-30 01:08:24 +0000 0 - 6 - 0 golden.vias.ms/L_9RXKR 44.239.146.228
2023-01-30 01:04:41 +0000 0 - 0 - 0 ww1.restaurantbiplane.com/?subid1=4e29196a-9e (...) 13.248.148.254
2023-01-30 00:56:14 +0000 0 - 0 - 15 www.fuckmore.com/4121/?country=US&region=Cali (...) 3.123.63.109
2023-01-30 00:55:41 +0000 0 - 0 - 4 ww25.msc11dzl8.hdjekcnk.com.cn/ 199.59.243.222


Last 5 reports on domain: walter-larence.com
Date UQ / IDS / BL URL IP
2023-01-29 20:55:53 +0000 0 - 0 - 1 walter-larence.com/029b2beb-3f1e-463e-890c-69 (...) 18.193.146.82
2023-01-29 20:16:49 +0000 0 - 1 - 4 walter-larence.com/f8a03dbb-3f25-4006-b387-0a (...) 18.193.146.82
2023-01-29 19:06:15 +0000 0 - 0 - 1 walter-larence.com/ffcefbf5-6845-4a5c-8806-9b (...) 18.193.146.82
2023-01-28 22:56:44 +0000 0 - 0 - 7 walter-larence.com/48c4f6c1-f658-423f-9dd5-01 (...) 18.193.146.82
2023-01-28 20:55:29 +0000 0 - 0 - 1 walter-larence.com/eb1e96cc-26d7-45a6-a071-ef (...) 18.193.146.82


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-26 10:08:00 +0000 0 - 0 - 4 teleline.site/m/ec/ppt1/ 79.98.29.29
2023-01-26 09:57:57 +0000 0 - 2 - 5 gdasaasnt.com/link?z=4356956&var={zoneid}&ymi (...) 139.45.197.239
2023-01-26 09:33:31 +0000 0 - 0 - 4 1d657f84ce6.clicks4tc.com/ 94.237.103.119
2023-01-26 09:29:27 +0000 0 - 1 - 14 serialghar.me/vid/files.php?id=rmieKpLV7VmL 104.21.22.220
2023-01-26 09:14:37 +0000 0 - 0 - 43 ww10.1piecemanga.com/manga/one-piece-chapter 188.114.97.1

JavaScript

Executed Scripts (29)

Executed Evals (9)
#1 JavaScript::Eval (size: 62) - SHA256: adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42
(function() {
    return window.functions.getPageNameOldEvar1()
})();
#2 JavaScript::Eval (size: 71) - SHA256: dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb
(function() {
    return Math.round((new Date).getTime() / 1E3).toString()
})();
#3 JavaScript::Eval (size: 60) - SHA256: 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f
(function() {
    return visitor.getMarketingCloudVisitorID()
})();
#4 JavaScript::Eval (size: 55) - SHA256: 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282
(function() {
    return visitor.getAnalyticsVisitorID()
})();
#5 JavaScript::Eval (size: 61) - SHA256: 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c
(function() {
    return window.functions.timeParting("n", "0")
})();
#6 JavaScript::Eval (size: 88) - SHA256: 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62
(function() {
    return "LP:" + BF_prop.LandingPageName.toString().replace(/:/ig, "").trim()
})();
#7 JavaScript::Eval (size: 132) - SHA256: 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168
(function() {
    if (window.innerWidth) return window.innerWidth;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetWidth
})();
#8 JavaScript::Eval (size: 54) - SHA256: fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81
(function() {
    return screen.width + "x" + screen.height
})();
#9 JavaScript::Eval (size: 135) - SHA256: fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed
(function() {
    if (window.innerHeight) return window.innerHeight;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetHeight
})();

Executed Writes (1)
#1 JavaScript::Write (size: 50) - SHA256: a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449
< script src = "/widget/betslip/betslip.js" > < /script>


HTTP Transactions (94)


Request Response
                                        
                                            GET /0e277b98-4644-4b05-8a9c-68023446725c HTTP/1.1 
Host: walter-larence.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         18.193.146.82
HTTP/1.1 302
                                        
Server: nginx
Date: Sun, 27 Nov 2022 12:06:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://enloweb.com/hjb9pqctd?key=4da9ef8c3a4a9ef03622a841040cea95&s2s=ws0hhf0lgucei4pki190lfee&sub1=
Pragma: no-cache
Set-Cookie: 0e277b98-4644-4b05-8a9c-68023446725c-v4=tyf43IfFmViiD8HVCTrs2XeCoSl8ao0SJkDpRAG3YP0; Max-Age=86400; Expires=Mon, 28-Nov-2022 12:06:19 GMT; Domain=walter-larence.com; Path=/; HttpOnly cc-v4=pRFNxP%2BGtake4ZcHCSe2Dc478B8B%2Bruw9m1gRk8SKUbjJCwTM01u20E0lc4v02DUSqNUzZemSQ%2FbdnnkibgrrBDzY3lbCsJwzuARNFJLMYL7NJFxZKdqoZ9KI3kaNNu1yR9m2E712H4eVmIad5UjgA%3D%3D; Max-Age=31536000; Expires=Mon, 27-Nov-2023 12:06:19 GMT; Domain=walter-larence.com; Path=/; HttpOnly


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8458
Expires: Sun, 27 Nov 2022 14:27:17 GMT
Date: Sun, 27 Nov 2022 12:06:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5010
Cache-Control: max-age=172104
Date: Sun, 27 Nov 2022 12:06:19 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:54:43 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8350
Expires: Sun, 27 Nov 2022 14:25:29 GMT
Date: Sun, 27 Nov 2022 12:06:19 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: p8kDTHkUpUZvNsY3YCDKkdQQLM487LarxkSfKncCPRY5I5vrb6ft9stbylez5iXY8oF81grPph8=
x-amz-request-id: VFYQ4F9R1D91QDBN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 11:41:37 GMT
age: 1482
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 11:17:39 GMT
cache-control: public,max-age=3600
age: 2920
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:19 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=106958
Date: Sun, 27 Nov 2022 12:06:19 GMT
Etag: "63825189-1d7"
Expires: Mon, 28 Nov 2022 17:48:57 GMT
Last-Modified: Sat, 26 Nov 2022 17:48:57 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 18ZZjFFPU9sMlSYfMKskn0fZl9hVxWi79uDEH_m2gVucA12CLrKWhQ==

                                        
                                            GET /hjb9pqctd?key=4da9ef8c3a4a9ef03622a841040cea95&s2s=ws0hhf0lgucei4pki190lfee&sub1= HTTP/1.1 
Host: enloweb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.197.204.109
HTTP/2 302 Found
                                        
date: Sun, 27 Nov 2022 12:06:20 GMT
content-length: 0
location: https://walter-larence.com/d92b6301-6427-402a-9ceb-8edf75bf6fdb?zoneid={zoneid}&device={device}&browserversion={browserversion}&osversion={osversion}&user_activity={user_activity}&bannerid={bannerid}&isp={isp}&zone_type={zone_type}&language={language}&connectiontype={connectiontype}&cost={cost}&visitor_id=${SUBID}
server: nginx/1.19.5
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: backurled=4da9ef8c3a4a9ef03622a841040cea95; expires=Sun, 27 Nov 2022 12:07:20 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-request-id: 13ac31c05457d11bb2f1b6d08cfd0ec6
cache-control: no-cache, max-age=0, private, no-cache
pragma: no-cache
X-Firefox-Spdy: h2

                                        
                                            GET /d92b6301-6427-402a-9ceb-8edf75bf6fdb?zoneid={zoneid}&device={device}&browserversion={browserversion}&osversion={osversion}&user_activity={user_activity}&bannerid={bannerid}&isp={isp}&zone_type={zone_type}&language={language}&connectiontype={connectiontype}&cost={cost}&visitor_id=${SUBID} HTTP/1.1 
Host: walter-larence.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.193.146.82
HTTP/2 302 Found
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:20 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://gdasaasnt.com/link?z=4356956&var=%7Bzoneid%7D&ymid=wi695ht8armi84pki7nb50h0
pragma: no-cache
set-cookie: d92b6301-6427-402a-9ceb-8edf75bf6fdb-v4=k83jJCW1hEj0Xlnt2dqqeuZ9VzQWjOaH_YsXOcnU668; Max-Age=86400; Expires=Mon, 28-Nov-2022 12:06:20 GMT; Domain=walter-larence.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=i03%2Ba1odcaUOZRgvx1XmOVoQfsh9Wr4btKDLSw9aIHsFihRWWqeJxle5DiB5kIScDZVKOf8jDpUBH8UbjrPe076xvXpa3dG5cF0uGNkq1ode7E6CYQgnJkmbzIxHS1oYE2Qsk6GWfhOWGuhPiSkFEQ%3D%3D; Max-Age=31536000; Expires=Mon, 27-Nov-2023 12:06:20 GMT; Domain=walter-larence.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 3308
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "515476D9B4B42C6702E609D4DA2AE435718163BED11EF2C1E70B1423B986B09F"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7315
Expires: Sun, 27 Nov 2022 14:08:15 GMT
Date: Sun, 27 Nov 2022 12:06:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5862
Cache-Control: max-age=167894
Date: Sun, 27 Nov 2022 12:06:20 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:44:34 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11485
Expires: Sun, 27 Nov 2022 15:17:45 GMT
Date: Sun, 27 Nov 2022 12:06:20 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: gdasaasnt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdasaasnt.com/link?z=4356956&var=%7Bzoneid%7D&ymid=wi695ht8armi84pki7nb50h0
Cookie: OAID=4322dc7a43ce4988bb1b7be84a157aad; oaidts=1669550780; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /img.gif?f=merge&userId=4322dc7a43ce4988bb1b7be84a157aad HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdasaasnt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:20 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4322dc7a43ce4988bb1b7be84a157aad; expires=Mon, 27 Nov 2023 12:06:20 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ypr8meGzx8CW1gOo2tj8Jg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.149.51.98
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: azfn+LLtBbyU6Ff/hqy7HDmVBB8=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "669BB5BEDAF18FA98A46D4851CB3A9D5348FA9559DEE7F3E5B2CE40C57A0F256"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9180
Expires: Sun, 27 Nov 2022 14:39:20 GMT
Date: Sun, 27 Nov 2022 12:06:20 GMT
Connection: keep-alive

                                        
                                            POST /?z=4356957&syncedCookie=true&rhd=false HTTP/1.1 
Host: thaudray.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 553
Origin: https://gdasaasnt.com
Connection: keep-alive
Referer: https://gdasaasnt.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         139.45.197.237
HTTP/2 302 Found
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:20 GMT
content-length: 0
location: https://eu.can-get-so.me/pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=620703564607791163&subid1=4356957&cost=0.003150&rdk=rk3
x-trace-id: db9fc80ec52349c0596396466e6ea8fe
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://gdasaasnt.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=1626eaffe69e435d815236f229ed14bd; expires=Mon, 27 Nov 2023 12:06:20 GMT; path=/; secure; SameSite=None oaidts=1669550780; expires=Mon, 27 Nov 2023 12:06:20 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AA2B7CA550586E5AA5BAD7551558B5BC01887B6381E00F5129B31049C21EA2BA"
Last-Modified: Sun, 27 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17743
Expires: Sun, 27 Nov 2022 17:02:04 GMT
Date: Sun, 27 Nov 2022 12:06:21 GMT
Connection: keep-alive

                                        
                                            GET /pr?ids=qqytmvwroco&hash=8b420b2801d6ef7b&ext_req_id=620703564607791163&subid1=4356957&cost=0.003150&rdk=rk3 HTTP/1.1 
Host: eu.can-get-so.me
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         157.90.33.73
HTTP/2 302 Found
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=698571
set-cookie: rauid=-6nu9OoDRRuKWDPuUBaEog; expires=Mon, 27 Nov 2023 12:06:21 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /redirect.aspx?bid=37950&pid=73207837&sref=RLA&RLA=698571 HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         23.36.79.43
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&sref=RLA&RLA=698571&affiliateId=1&pid=86810990&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 12:06:21 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 27-Nov-3021 12:06:21 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=78, cdn-cache; desc=MISS
X-Firefox-Spdy: h2

                                        
                                            GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&sref=RLA&RLA=698571&affiliateId=1&pid=86810990&bid=37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&sref=RLA&RLA=698571&affiliateId=1&pid=86810990&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86810990-37950
set-cookie: JSESSIONID=node017lxhwy7yb5qn1nzbq0z1wruxv7931937.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node017lxhwy7yb5qn1nzbq0z1wrux; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:06:21 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:06:21 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:06:21 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None B-TAG=320669583_A2712E4BBEDA4D14996B208EE0545761; Path=/; Domain=.unibet.nu; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None PID=86810990; Path=/; Domain=.unibet.nu; Secure; SameSite=None CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669583_A2712E4BBEDA4D14996B208EE0545761%26sref%3DRLA%26RLA%3D698571%26affiliateId%3D1%26pid%3D86810990%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 27 Nov 2022 12:06:21 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&sref=RLA&RLA=698571&affiliateId=1&pid=86810990&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86810990-37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node017lxhwy7yb5qn1nzbq0z1wrux; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669583_A2712E4BBEDA4D14996B208EE0545761; BID=37950; PID=86810990; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669583_A2712E4BBEDA4D14996B208EE0545761%26sref%3DRLA%26RLA%3D698571%26affiliateId%3D1%26pid%3D86810990%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 27 Nov 2022 12:06:21 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.securetrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.79.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 638
Date: Sun, 27 Nov 2022 12:06:21 GMT
Connection: keep-alive

                                        
                                            GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1 
Host: a1s-cdn.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   956
Md5:    fd48e87ecd4d06d9c5df490b91dc813e
Sha1:   a65a437db44444634e4f41732c590c1d14433b3f
Sha256: 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
                                        
                                            GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: 12111bc7-501e-0033-4858-024da9000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6679
Md5:    e11f4bccdbe9c9dd2fd7b11e4e198262
Sha1:   54055c56970872a2d5a5fb08295ef3cf3e6beab9
Sha256: 18c05bcb0ff1178241df6156382062211e8e823fa14183c20f5136540770196e
                                        
                                            GET /custom.js HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: ec4207e3-101e-000d-4a46-02dad6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2741
Md5:    90f352498e22ce8aa97be62978590f4f
Sha1:   2bfc580dedc940a0ed5551fff65453edb6330e50
Sha256: eeb0edc470af25c2dc37dd45150b7c75e19bdf59676cbc2a8bccf8d9e0a1c53d
                                        
                                            GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 5520b4fd-401e-0010-7458-02d76a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1067
Md5:    d9f5eadb4bea700205b7ead61fe1a81d
Sha1:   89d8e5732c23c299cdd0c74e009f0663ec9dc7c9
Sha256: 9e1517aeec6eabcf6ae0e568867cf94e3458c285423c92e69a1c4b446c443cd5
                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.217.21.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 09:42:00 GMT
expires: Mon, 27 Nov 2023 09:42:00 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 8661
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: e1e5ba65-701e-0024-6857-02e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10412
Md5:    d5800f9e1dcad3c7e869cae5b16f046d
Sha1:   90b9faef8dcc095ecf624b592da8ebb8baa15773
Sha256: c2f93a677ce3f244c6487ff4ac6315823f2296a858e688713fd9244aca7275c7
                                        
                                            GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3143
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 12:06:21 GMT
Last-Modified: Sun, 27 Nov 2022 11:13:58 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Roboto:300,400,500 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 12:06:21 GMT
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   99097
Md5:    06fa26e265b4c1b805e29357464efc39
Sha1:   bae9f63fd17d0b83dbbe396d37767b66d64e493c
Sha256: bdfbbc599d08e34abf5658de315cccd8e90f5b791b5ff40386c8eb9667b7e300
                                        
                                            GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: font/woff2
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: "0x8DACBBCB4A3B989"
x-ms-request-id: d76a6ae0-b01e-003b-1657-0257a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size:   10924
Md5:    0ea5bcff84ae44840b6e9c9d12c8b963
Sha1:   6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
Sha256: b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
                                        
                                            GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: 8317c0ac-e01e-0044-7557-02983d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   27668
Md5:    7b4491cf7cd62b447f90b1f9aef2a4ac
Sha1:   c93e72b356800fedaad051704610abf4175f4b7b
Sha256: 973977379e35cfc0c71b663ad302a44068aa57a1608fd6f1e8466366fa51f481
                                        
                                            GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.132.15
HTTP/2 200 OK
content-type: font/woff2
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
content-length: 74320
x-amz-id-2: M4A/F0JmvDZ1O1xRg2EBakOzxZF3bSCcwS7PM2TzdgHMYzotAgHsHpRFaX6ety8BGzuScpc+CmY=
x-amz-request-id: KZBF2W9RM5AR88GJ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 30102139
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RO1fpWsHJA8TbupK2dz0kkqPSNTpWnrGa7rKa2B7JhsCfXzvPqpTOdMkfm%2BpkNI0gv2D133nRvRxJ0iKlnSO4zzN2tUgEYwrroyeXyDn6pKA2N7kFvTYtufFT2%2FKGBxbIPGt8CEC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770abcc2aa8b7705-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size:   74320
Md5:    3638e62ea50e6f5859b6a15276c25c87
Sha1:   f5aa1a463e223a294a42b314e1c63a614d594ec0
Sha256: 9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 318733
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: d34c58fa-801e-0042-0c58-02ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   56126
Md5:    6a32826e7c3a98d3882b71ba1962fa85
Sha1:   386a13b2fea36f21b89fd692837c763f94bf95b1
Sha256: fe51ae6e8cee77cc439548ecce90ca113a2cea05532e62c6abf1151f835beb28
                                        
                                            GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 12:06:21 GMT
expires: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80711
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62112)
Size:   80711
Md5:    855b22fb29767a78feb788e56e51b7d5
Sha1:   b38bb1e9efca58e8a24ce2a22be34dbb1de2fa97
Sha256: 1d8d156f1af0ff2f41bb304c911283c04f922e1fa82e69c856f7876bc003f91e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
content-length: 421
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: "0x8DACBBCB155306D"
x-ms-request-id: 4263ecb4-b01e-0076-1457-02984a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size:   421
Md5:    ad2d9f441c6692a806c7b427bb3e536d
Sha1:   4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
Sha256: 95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6412
Cache-Control: max-age=172025
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "638336ab-117"
Expires: Tue, 29 Nov 2022 11:53:27 GMT
Last-Modified: Sun, 27 Nov 2022 10:06:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12329
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:06:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12329
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:06:22 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 27 Nov 2022 12:06:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6412
Cache-Control: max-age=172025
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "638336ab-117"
Expires: Tue, 29 Nov 2022 11:53:27 GMT
Last-Modified: Sun, 27 Nov 2022 10:06:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 51281
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10199
Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0
Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da
Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 51285
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8254
x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFySQGegIAMF-HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:52:26 GMT
age: 51236
etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8254
Md5:    6ee5071a31d351c552aa651e40b16189
Sha1:   6fca9136030ea6f67be44e428ea39c34ff3e28e7
Sha256: 8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9
                                        
                                            GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: 17d8a81b-d01e-004f-1557-026356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   8876
Md5:    62cdb0111edb4d55505d1ed60a163ca0
Sha1:   d520ce8b3ac17f46c791d77441b346f88b719f51
Sha256: 57e4af93c4cded7b8cb424c192e3d883b6e06b57dc7ed847dbca0aae6cc98244
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 51281
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5099
Md5:    433875a1b1fef34e45f2d8ac344c07e3
Sha1:   f2129466436cbbdd58abe42a47fb7af19eba58e6
Sha256: ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2944
x-amzn-requestid: 8f1b2573-39ab-442e-8c6e-97538a28aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWXXEjJIAMFu1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813762-52f27ff536b0c3b84bdfba8e;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:45:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9hy8v_azPZzuVRv1VN61DoNWbfA83JPs4JcZfRyLo3j6HCtWv_gkNw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:04:40 GMT
age: 50502
etag: "139f48ea60880efc6d2977f4d3141809f22adfef"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2944
Md5:    5c135ab961de12d926b94f9abae8adbe
Sha1:   139f48ea60880efc6d2977f4d3141809f22adfef
Sha256: 1578a994e7c4eef451f1c744116caa95e1aa995c4817a13832f1ac3487cea95d
                                        
                                            GET /seg?add=9755599 HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.89.210.141
HTTP/1.1 307 Redirection
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 12:06:22 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 1c24ecc4-6229-4095-894b-5fc7e1d79cbc
Set-Cookie: uuid2=8664200507636026701; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 12:06:22 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4872
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 12:06:22 GMT
Last-Modified: Sun, 27 Nov 2022 10:45:10 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.19.147.8
HTTP/2 200 OK
content-type: application/json
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
content-length: 1769
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 27 Nov 2022 10:48:40 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 4662
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc4f8790b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Size:   1769
Md5:    96a88268b74f55101da75ef7aff3aa61
Sha1:   366877937e0990f811ddf544e2d2c22e68239f9d
Sha256: 35623bb71dfebb8fca9a0153395b059c6eb8cb863cdb96d216cc14ff7e20bbbe
                                        
                                            GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.89.210.141
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 12:06:22 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 9e348158-72f0-49b9-8334-4865eeff974b
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In8jBx_U!]tbP6j2F-XstGt!@DlB$q#F#; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 12:06:22 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669550781819 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.248.183.179
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-0be46a66e.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=59776566395220984003133205259879598386; Max-Age=15552000; Expires=Fri, 26 May 2023 12:06:22 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: pT6SsZxNSwU=
Content-Length: 498
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Size:   498
Md5:    d9ad995d7091f0e2e2352f758da768a7
Sha1:   685259b8d6ce5e21084afe4825cc00886bbc7c71
Sha256: bd2dc1c9a4daf2e69fd99886c03c9df772cf09c877ac0210179fac2e018ffc2b
                                        
                                            GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.19.147.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 153687
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc538d60b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (63889)
Size:   26836
Md5:    40a61971f3342753b240df82579098d2
Sha1:   75a44689092cd59612c3c77f4c3f353f5898c4b9
Sha256: c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2145
Cache-Control: max-age=92893
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "6382123a-117"
Expires: Mon, 28 Nov 2022 13:54:35 GMT
Last-Modified: Sat, 26 Nov 2022 13:18:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1395
Cache-Control: max-age=92142
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "6382123a-117"
Expires: Mon, 28 Nov 2022 13:42:04 GMT
Last-Modified: Sat, 26 Nov 2022 13:18:50 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2145
Cache-Control: max-age=92893
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "6382123a-117"
Expires: Mon, 28 Nov 2022 13:54:35 GMT
Last-Modified: Sat, 26 Nov 2022 13:18:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1 
Host: cdn.bannerflow.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.171.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 136
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc5bb120b69-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   8503
Md5:    4d651e03c73f4f28ffe4b66e0fa4128c
Sha1:   051268f38c470902c402769574892aec7ea87d97
Sha256: b24cae6f8bc08a0faaae367520e57b55410179330fafbdac7280e2235c672843
                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=59791387193274003153131598657983427753&ts=1669550781988 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         15.236.176.210
HTTP/2 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sun, 27 Nov 2022 12:06:22 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            GET /dest5.html?d_nsid=0 HTTP/1.1 
Host: unibet.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         3.248.121.85
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
date: Sun, 27 Nov 2022 12:06:22 GMT
DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: KNNnxavURYA=
Content-Length: 2791
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2791
Md5:    ccbdcb1e84c241950763ec4cd516cdfc
Sha1:   55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
Sha256: de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
                                        
                                            GET /pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463764 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.19.147.8
HTTP/2 200 OK
content-type: application/json
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
content-length: 144
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 27 Nov 2022 10:48:41 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 4661
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc66a090b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   144
Md5:    633f8933a3d5333287d6fb043df61d1a
Sha1:   fb8fa774a8b0e7dbb5cc1b6788df3f65c3026661
Sha256: 0033ade4aaa9bee2d25988d30d23357bfe3dc357b4bddb3e86a92711dd287f89
                                        
                                            GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s87800676459601?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%2012%3A6%3A22%200%200&mid=59791387193274003153131598657983427753&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86810990-37950%26btag%3D320669583_A2712E4BBEDA4D14996B208EE0545761%26bid%3D37950%26campaignId%3D2799402%26pid%3D86810990&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669583%3A86810990-37950%26btag%3D320669583_A2712E4BBEDA4D14996B208EE0545761%26bid%3D37950%26campaignId%3D2799402%26pid%3D86810990&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A06%20PM%7CSunday&v6=12%3A06%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669550782&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669583%3A86810990-37950&v122=NONE&v124=2799402&v125=320669583_A2712E4BBEDA4D14996B208EE0545761&v126=86810990&v127=37950&v134=1669550781&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         15.236.176.210
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
access-control-allow-origin: *
date: Sun, 27 Nov 2022 12:06:22 GMT
expires: Sat, 26 Nov 2022 12:06:22 GMT
last-modified: Mon, 28 Nov 2022 12:06:22 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3585333004736364544-4619775473019393003
vary: *
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2\012- data
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            GET /healthcheck HTTP/1.1 
Host: pagestates-tracking.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.22
HTTP/2 200 OK
content-type: application/json
                                        
content-length: 19
date: Fri, 30 Sep 2022 16:18:54 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JeFcR2GwyS6zqITiy6sbThpGpI1FeykoS9kZbp6fNApIxsu7MLPCLw==
age: 4996049
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   19
Md5:    d06f04fccf68d0b228a5923187ce1afd
Sha1:   5de9df9fdd66a91eed06e31981553d4ab9ccf490
Sha256: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
                                        
                                            GET /healthcheck HTTP/1.1 
Host: assets-tracking.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.63
HTTP/2 200 OK
content-type: application/json
                                        
content-length: 19
date: Mon, 22 Aug 2022 11:33:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mNZzdtRyHohskiPlSKGGVi8lg5NxJOXik3b1Vyn-coPVQuedGezfJA==
age: 8382787
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   19
Md5:    d06f04fccf68d0b228a5923187ce1afd
Sha1:   5de9df9fdd66a91eed06e31981553d4ab9ccf490
Sha256: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=97992
Date: Sun, 27 Nov 2022 12:06:22 GMT
Etag: "63821c1d-1d7"
Expires: Mon, 28 Nov 2022 15:19:34 GMT
Last-Modified: Sat, 26 Nov 2022 14:01:01 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WA2mTXwZvL3j03W5LMQZ4htYJtqHlFG6uj4VJN8p0R_sp0UvuMNoyw==
Age: 4713

                                        
                                            GET /cm/dd?d_uuid=59776566395220984003133205259879598386 HTTP/1.1 
Host: cm.everesttech.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.229.62.148
HTTP/1.1 302
                                        
Date: Sun, 27 Nov 2022 12:06:22 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4NSvgAAABzVRwNe; Domain=.everesttech.net; Expires=Mon, 27-Nov-2023 12:06:22 GMT; Path=/ everest_session_v2=Y4NSvgAAABzVSANe; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4NSvgAAABzVRwNe
Server: AMO-cookiemap/1.1

                                        
                                            GET /ibs:dpid=411&dpuuid=Y4NSvgAAABzVRwNe HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.248.183.179
HTTP/1.1 302 Found
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-01a6f2a00.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NSvgAAABzVRwNe
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=46202336116375732193916263011715907077; Max-Age=15552000; Expires=Fri, 26 May 2023 12:06:22 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: gcWPfrTpTz0=
Content-Length: 0
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 12:06:22 GMT
Last-Modified: Sun, 27 Nov 2022 12:00:56 GMT
Server: ECS (dcb/7EEA)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 54W8jQxUTZWKkCVXualg6gNSxo63eHR8mRUwZAPoroB4lErYRNi5Wg==
Age: 326

                                        
                                            GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NSvgAAABzVRwNe HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.248.183.179
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-078a58cff.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: RZP3yby1Rbw=
Content-Length: 59
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   59
Md5:    1251cd5e5c2def4c046309375f87c1c1
Sha1:   e02d6b0c6a5c495c15985e2832e335eda8528c80
Sha256: 4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
                                        
                                            GET /clock?t=1669550782243&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1 
Host: tracking.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         54.154.238.28
HTTP/2 200 OK
content-type: text/plain
                                        
server: awselb/2.0
date: Sun, 27 Nov 2022 12:06:22 GMT
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   26
Md5:    fcdbc0b4c92bb3867bc7a8b245c13db1
Sha1:   a6c62b69515cfda6bb518a3f1752d4dad54139ec
Sha256: 65ed0acb4d1903c5d73a934b8f59c00a16eaef6b5f9613f22082bfdef4513452
                                        
                                            GET /widget/betslip/betslip.js HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: c45b90fd-d01e-0070-4857-02abf5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /releases/v5.7.1/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.132.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
x-amz-id-2: kIWUcp4/gRprxrhG4Bo7YL49QfCfoJzgcb+lBni7kDeALpU6YcOHbXZK3Ce3+VKgInDBPr7yuoA=
x-amz-request-id: GQJ6HHGYZ6JW9X6Q
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 53672
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQRVR3bRWGfXRmebHiQlmET%2F53eUnenPwHkHTkAx%2Fs8I1M%2BUYhd41D%2BCvrCbjNkJkO20p2iJPuX1%2F0Ft2IpNkqxIaBLkfTlRI83gi7YUWyGupA7Hb4UmBwC7YH%2BCuwT7m01K0HLR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770abcc1b90e7705-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 8ee92209-b01e-0049-2257-0250e9000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: ea67a86c-801e-006d-5057-02a649000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pages/scripts/0012/9242.js?463764 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.19.147.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 27 Nov 2022 10:48:40 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4662
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc3ff8a0b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: cd3f51c1-201e-0039-5a57-02e91e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1 
Host: cdn.bannerflow.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.171.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 140
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc5ab0a0b69-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /link?z=4356956&var=%7Bzoneid%7D&ymid=wi695ht8armi84pki7nb50h0 HTTP/1.1 
Host: gdasaasnt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         139.45.197.239
HTTP/2 200 OK
content-type: text/html; charset=utf8
                                        
server: nginx
date: Sun, 27 Nov 2022 12:06:20 GMT
x-trace-id: 4fd74548b2f34df617bcbf2add4ddb8f
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=4322dc7a43ce4988bb1b7be84a157aad; expires=Mon, 27 Nov 2023 12:06:20 GMT; path=/; secure; SameSite=None oaidts=1669550780; expires=Mon, 27 Nov 2023 12:06:20 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT allcnt=1; expires=Mon, 27 Nov 2023 12:06:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990 HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB10C7230"
x-ms-request-id: cca4574d-201e-0074-7c57-0226f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: dee04e76-301e-0078-4d58-02b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pages/scripts/0012/9242.js HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.19.147.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 27 Nov 2022 10:48:40 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4662
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc41fa60b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1 
Host: cdn.bannerflow.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.171.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:22 GMT
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 140
vary: Accept-Encoding
server: cloudflare
cf-ray: 770abcc5ab080b69-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1 
Host: welcome.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669583:86810990-37950&btag=320669583_A2712E4BBEDA4D14996B208EE0545761&bid=37950&campaignId=2799402&pid=86810990
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.132
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 6197ed3f-801e-001f-5558-02a106000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86810990%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550781155)%5c%2f%22%2c%22CookieTag%22%3a%223795086810990451240919C20221127126%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476416296%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1 
Host: bannerflow-feed-builder.azurewebsites.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.40.147.180
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Sun, 27 Nov 2022 12:06:21 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net ARRAffinitySameSite=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2


--- Additional Info ---