t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2
51.161.115.163200 OK 516 B URL HTTP/1.1 t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2
IP 51.161.115.163:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (571)
Hash 382e0833c0ef302a587b2a7914a9e3ca
3f4da77e964ad54c255a41fbd519ad3f67d2d26e
89f4cc8a69e9e7a5bdb82e0819f4ed478c7e3d843087de2f293c61a5e837bd57
GET /s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2 HTTP/1.1
Host: t2.hightid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 23:27:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-63208671784bc04a7b5b1ad6=638bdb7a8594c5176218b022; expires=Tue, 06-Dec-2022 23:27:54 GMT; Max-Age=259200; path=/; domain=t2.hightid.com; HttpOnly
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7532
Expires: Sun, 04 Dec 2022 01:33:26 GMT
Date: Sat, 03 Dec 2022 23:27:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4549
Cache-Control: max-age=130747
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:54 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:47:01 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 23:18:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 575
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13138
Expires: Sun, 04 Dec 2022 03:06:52 GMT
Date: Sat, 03 Dec 2022 23:27:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: C2XNSHj0pJTSFzOg8EmRHC7pbTEND5LNPwaQdfnROXRz6Ogv8KRk171ZW/lp0pu91Kfh5DYecEY=
x-amz-request-id: CKSWQTC4Y4BVWFZQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 22:47:18 GMT
age: 2436
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:27:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2&bv=1
51.161.115.163302 Found 0 B URL HTTP/1.1 t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2&bv=1
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2&bv=1 HTTP/1.1
Host: t2.hightid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2
Cookie: bt-63208671784bc04a7b5b1ad6=638bdb7a8594c5176218b022
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 23:27:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-63208671784bc04a7b5b1ad6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=t2.hightid.com; HttpOnly
Round: 11r6m6nbgk
Raund: 25s
Location: https://kanvo.cogliatu.com/rc/a33384834e?affclick=638bdb7a8594c5176218b022&pubid=67.jp.safari.
t2.hightid.com/favicon.ico
51.161.115.163200 OK 20 B URL HTTP/1.1 t2.hightid.com/favicon.ico
IP 51.161.115.163:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /favicon.ico HTTP/1.1
Host: t2.hightid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t2.hightid.com/s.php?p=c:8pnojh5wxi7l11j14&d=63208671784bc04a7b5b1ad6&s=67.jp.safari.&pid=638bdb71330963413924b9b2
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 23:27:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2db533de94a2e4b7d9591747961fa41c
cc829219333b6c16955e353dba4f110d3c3c931e
9687bf0ddf2976f55bac2f68d148df5fe730aacb01696b77e3451f8108d03e7e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9687BF0DDF2976F55BAC2F68D148DF5FE730AACB01696B77E3451F8108D03E7E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16902
Expires: Sun, 04 Dec 2022 04:09:36 GMT
Date: Sat, 03 Dec 2022 23:27:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 23:08:58 GMT
cache-control: public,max-age=3600
age: 1136
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2db533de94a2e4b7d9591747961fa41c
cc829219333b6c16955e353dba4f110d3c3c931e
9687bf0ddf2976f55bac2f68d148df5fe730aacb01696b77e3451f8108d03e7e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9687BF0DDF2976F55BAC2F68D148DF5FE730AACB01696B77E3451F8108D03E7E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16901
Expires: Sun, 04 Dec 2022 04:09:36 GMT
Date: Sat, 03 Dec 2022 23:27:55 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4548
Cache-Control: max-age=125684
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:55 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:22:39 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 036857393f71f999fb529bc038288941
46f731674fca68ddd3786de48796af335c4cc253
fac80e7c7377781d2d44e68df9d32ab2c046702a776b6558f1702404ae7dead7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=109629
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:55 GMT
Etag: "638ae4b8-117"
Expires: Mon, 05 Dec 2022 05:55:04 GMT
Last-Modified: Sat, 03 Dec 2022 05:55:04 GMT
Server: nginx
Content-Length: 279
push.services.mozilla.com/
54.189.139.67101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.139.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8c76a0VrMIf8XUOaJAHEyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VBf6Ca7pb3nNVypp+wE2oO6CId0=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 036857393f71f999fb529bc038288941
46f731674fca68ddd3786de48796af335c4cc253
fac80e7c7377781d2d44e68df9d32ab2c046702a776b6558f1702404ae7dead7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:55 GMT
Server: ECS (amb/6BA1)
Content-Length: 279
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 76cd00e5dbb3ac432497e702991073c2
68d1f6e7f263b82712fa56f963495d8da98e74e7
123881f4d5f0309461b5ed83a23074cf8a9f77410ab3c88abb98af3817ff3c5d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:27:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:34:04 GMT
Expires: Sat, 10 Dec 2022 15:34:03 GMT
Etag: "68d1f6e7f263b82712fa56f963495d8da98e74e7"
Cache-Control: max-age=575767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774013640ba61bfe-OSL
track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub53c4183712274c89b8fcc8e95e2083bb&sub2=d1972c9a_67.jp.safari.
34.141.179.97302 Found 0 B URL HTTP/2 track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub53c4183712274c89b8fcc8e95e2083bb&sub2=d1972c9a_67.jp.safari.
IP 34.141.179.97:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub53c4183712274c89b8fcc8e95e2083bb&sub2=d1972c9a_67.jp.safari. HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Cookie: afclick=638bd96d158ea90001b95c81; afoffers={"17742":1670109549}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Dec 2022 23:27:55 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638bdb7b46cce000018fb190&s=930_d1972c9a_67.jp.safari.
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=638bdb7b46cce000018fb190; expires=Sun, 03 Dec 2023 23:27:55 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 706d9b9c233d99eb374bd5116bd17408
aabc03c7e20bde5201b1d5b57290103987f90be6
b68c67170afed705e3cd7d75709310c0d259dd349c5a8d779f5dfa04e44fa611
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B68C67170AFED705E3CD7D75709310C0D259DD349C5A8D779F5DFA04E44FA611"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3422
Expires: Sun, 04 Dec 2022 00:24:58 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638bdb7b46cce000018fb190&s=930_d1972c9a_67.jp.safari.
51.161.115.163302 Found 0 B URL HTTP/1.1 t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638bdb7b46cce000018fb190&s=930_d1972c9a_67.jp.safari.
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638bdb7b46cce000018fb190&s=930_d1972c9a_67.jp.safari. HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 23:27:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: xi
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c6fc30dd55f14f108e4d035b0ccafb4
fff2b9e01e0fe7e7ee2dbca6a01f991ade6eaa64
9abea2f87c7c60501e4e373a971923b2e28e9ce2a4e7e514a2a7f4df7f836732
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ABEA2F87C7C60501E4E373A971923B2E28E9CE2A4E7E514A2A7F4DF7F836732"
Last-Modified: Fri, 02 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4754
Expires: Sun, 04 Dec 2022 00:47:10 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.
51.83.143.92200 OK 509 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (560)
Hash 25a81f8fa2128dfaafc5176ec074239d
e3a3eea9e8784936fcfd4a1af280d354219adcf1
c669c7278bc67759541f17f58db4b1047a230dd32f09f40b0c01a6999d26e2dd
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari. HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 23:27:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=638bdb7c712924013f6f5fa1; expires=Tue, 06-Dec-2022 23:27:56 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.&bv=1
51.83.143.92302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.
Cookie: bt-603611c5b7eaf46891533240=638bdb7c712924013f6f5fa1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 23:27:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b3935ce4548081feb59b9cf939a0de49
b08ed8d06b83d71f33ac6758f4a8f40cf1716a00
660a97eb601030c773c54ca3b0ecfe8b31b2315f2072d82501967cc01bd58560
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3413
Cache-Control: max-age=102217
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:56 GMT
Etag: "638aba71-117"
Expires: Mon, 05 Dec 2022 03:51:33 GMT
Last-Modified: Sat, 03 Dec 2022 02:54:41 GMT
Server: ECS (amb/6B9C)
X-Cache: HIT
Content-Length: 279
ron.trffclb.com/favicon.ico
51.83.143.92200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_d1972c9a_67.jp.safari.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 23:27:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
popcash.net/world/go/134600/317194
172.67.194.203301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 172.67.194.203:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 03 Dec 2022 23:27:56 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrzwY3vkZml%2FLWSlmarXpz3GLv6FICnDF%2Br0VIB0QOzHGZjbrQrTjbnzGa2MI%2Bs%2Fx%2FyZ7gpc4c7m%2B8VGJHOef0eGwcvxma7obuXJqtPicCp1wOp7Mo1dIwvyuTON"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7740136a2c100afe-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8631
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8631
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8631
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8631
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:27:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30995615-b061-49b7-a1e1-1d39f60e42a2.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30995615-b061-49b7-a1e1-1d39f60e42a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f76ad58139e6d5bf4402d442ed662f3c
0100b4fdd66d254d48395da715dfd6d760ae6cf6
1c1199744e75a69f9eedfec6ecdcc11e67b735f66fc50c8a0c2d60c40920532c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30995615-b061-49b7-a1e1-1d39f60e42a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7454
x-amzn-requestid: b8250832-ecd8-499b-b292-5110afe2cd84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltkWEMroAMFatw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2e8-6d91fc504703cdd5128e5746;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: S9_U5ZapxEkMRuoSxt2YSGa3zJy7zdGlGK24yRN305GY7qkn3AdKIQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:24:09 GMT
etag: "0100b4fdd66d254d48395da715dfd6d760ae6cf6"
content-type: image/jpeg
age: 3827
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 69411fa7c0f94e7179c2cf84b716e427
188edc080e8a683c3fdc2968ee1e6aae114d75d2
713514c9afaa1953e3387aa1d1b6203fe6387e007f9fb5347558b77dd72425e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: 1c11b153-5494-4656-ad96-33bc541f93f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgaEAGmooAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a3b3-1984a9194065807d36f29532;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:05:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: u-fwrNiMISyKCpTg9HJ8TBjWLnM_Zg2KK1xrbzDXstjKATuex_Porg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 14:50:20 GMT
age: 31056
etag: "188edc080e8a683c3fdc2968ee1e6aae114d75d2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5b41d2b-ab64-4a18-814e-d348d7921eca.png
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5b41d2b-ab64-4a18-814e-d348d7921eca.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6b0065d160e7dbd17cf58f2c837b45a7
0ebefb37db37dcbf1ad421ab0cac2cccdcd83a2f
833c0a39ed1d9dcfa4a22f201d06d085e5131121810e98d5e79dd6f84e8fe436
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5b41d2b-ab64-4a18-814e-d348d7921eca.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4782
x-amzn-requestid: 98b5d5ca-7590-4756-9b92-3fb327ecc97b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsANG8koAMF_Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-546b61a82a8b952f664346b9;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ncXSPf1et6vSgEBmWwY_PperGXmgJGEx0hlLr0lhN6XHi0RLRr6WCA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:05 GMT
age: 6051
etag: "0ebefb37db37dcbf1ad421ab0cac2cccdcd83a2f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff60056a5-9ac8-4274-9b3c-814f69985fdf.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff60056a5-9ac8-4274-9b3c-814f69985fdf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdd9e42d71307b201929c3a38c745c6
8d3a7f830e57e936a1da8a001f3e78108b20c038
6e1063a755d64c8102867cd9b347eb83fca2c69af558f111abc46f523a8294da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff60056a5-9ac8-4274-9b3c-814f69985fdf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4377
x-amzn-requestid: 33abcd00-02ec-47ba-9302-312453291913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb29cG53IAMFkGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d1ef-317a802f0f84d73949236b9f;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:58:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: INIwoMEPSVerMpFUs9CMBKyBl-fbTfzIJMAJZOyGIDwyYHcktd4dXQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:59:12 GMT
age: 55724
etag: "8d3a7f830e57e936a1da8a001f3e78108b20c038"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:43:43 GMT
age: 56653
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: b096d14d-15bf-4d18-9930-5fffe561a40b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZwuFMcoAMFbTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a337-1d3c4759652c0b314f458aa8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:03:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3jrjQkv2nL9y5cmo5g30an3DJE0wiK2ifHwkukMztymsg6nDnXWOJw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:23:19 GMT
age: 57877
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
3.228.63.1200 OK 271 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash 3342883b9457132359827b33fd20bdef
e98f23747b74b2b0d89a49326c77f5457bbe5983
85a2ca1e507f6957ff0890dd22ab62db871397c604fc943668c836c3a3bb2685
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Sat, 03 Dec 2022 23:27:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 271
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=5ea26f731fbfbf96&r=&vw=1280&vh=0
3.228.63.1303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=5ea26f731fbfbf96&r=&vw=1280&vh=0
IP 3.228.63.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=5ea26f731fbfbf96&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sat, 03 Dec 2022 23:27:56 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 14f854b533d184bdb9d37f12dabb94bd
8cae1a86cf5d02ce6a11fcb69b06006c0d5b348f
b124018172c2e974031be3e11f6cd3db9f8c498fed97ad0ecf3b8123e9bc4921
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:27:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 02:30:52 GMT
Expires: Thu, 08 Dec 2022 02:30:51 GMT
Etag: "8cae1a86cf5d02ce6a11fcb69b06006c0d5b348f"
Cache-Control: max-age=355973,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7740136e4ade1bfe-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 1cb6d3634b94bd585dcd285bef83bf6b
ce5f7207160ac8a23eb786be8997743f90187f04
b18cd98f1bdf2306207e4ea9fab79a260cc56760756340223333770c11d8b686
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:27:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 05:21:49 GMT
Expires: Fri, 09 Dec 2022 05:21:48 GMT
Etag: "ce5f7207160ac8a23eb786be8997743f90187f04"
Cache-Control: max-age=452630,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77401371eda41bfe-OSL
fancycrab.net/sc?a=Csxn&c=WAK2PvMQc2o5oLqbZnovTV&e=gAAAAABji9t9T5LmvmbEPweIYi9353OMumtUSQSXv-Id6NLD9Z-NRKMU2k86h6Dv2qMS9H2HHHnAmJZZbMDH9EV9gMl4Leqf1gFbyeRDeCdtBxqccZjR72An1fRHfUo7DcICl14Ix6b6z8WQiTLz0-fiG-EQYyVekIeByTwnrv9BVbJ7iG81JeMh0YLNV_uhwumD-5ApZkwLOWs7Ni6khEFw0iwSuwnfM09MPmA6RmKC83jyX8iKj79WrDQmscnKUVoFMtMWbSzy8JgcRTv3b3Jgyey_RWuSWrECYJ6ujI29mGYft0gqXNwau229vJOZL3yDWFgLZ2S0GF0HI58KZrT6K8OuEV7bZaxADPZxwEv5CsRRtE6bgLxCUxsgevwEUbItNUi1uj2iKEx6Iqew_Vmt5NSMhkIQqa9fxvo6zoOH3mBHd8fXwG0kW54LKeMxrR6yv7_oVA-p90lzyZtZUPB1OEektV4a64qfMpzcqCJvmnmUqXjuPOomXHf5661r96Qh4HUKwOFU1kHuJVybJG09V1zDQM5bXVeyts7ragg9_0lkfpclj8WE1RyIIlDDVMdvZquviqdvf8_2ooSpqLclF0D2MfQ7sFRd01RDk4UvBvPzGkNlQRSybKyhtP86-nMsoN7glGSB9K_p9hws094h2Y5Hm9bB0om5r92Q0PLYYts1zkg-DMxaopX0F69OvgCBJBZbj_QQSiguw8YFculFyTB2YaoGSGHb4viPmnyc_dn-D78pI47fbz1FTCMjBd2XO811jXk-wj3eUUfhk7OV7fuNzLqhfFxQP9Q-CFXNOs416llAZae9ORQ2GfWqQY7KMUXjpE3dyDJG6oROOzLkwUadCe8Aw4vH4GBGT1YADfGuOGtlfn1Kq7UG1ggiwh3uUMF0nwZyE4nozDkZhHZmTZX43WQQoZr9PqBnGl9lzawzNub0yIhlCtOP2y7ksUW5ymhm2Fin7XTDa1RO_b1oiUtO6Ph2wt2Xmi-eBqMnrEV18QiIYOCG49gjJ7D6QEize0k-PtQH-67lzoRYasIb6ml5EtoREAv8uqXBJxND5r3qtAmrtSzJnZbJCntyNBBAdPSwYgXbcb95pcEQK9i_0ZR_uXDIKxFDN_XPk8iC0k5TBVk2h7aF77lXP95lTdr8Y8XLBSEMCd38q2VG6MUcHIfZHBjplQ_ok6A77rDLDaGncu0KuhuuXzPLxDryAIMkQbj5seSe5jO-TOFuCamBbnejc9hWzUkUeSiPZvIzGENxo7zddlc-feV4N6oiWrd9JCv_MvekK477tqUmxWuNnn8b99DgR_5TYEfr8mbFOuQGpAlMhGKisAGvDJIyfGxfSTG0wOF2dS5fyZerOScZP2JSxqSwVeMPLCR7hvoQd1mqQ39gBsJhKnDMzqE2VabQvHDXlKJOLMiYXvo43gBKodgMLIqtU_bdhz0QFphD6Sj22MTt4DOaVqzJpoHd2pajYuiTax6Ov3sHK1x996W5H2OojYryhqC-Gaep73P_bddoKwTbIKO3EjKKEz4wZM74OLMeswtmsfvAveYAcjbx-IEic3EWtbSS3ppnLy8scb81GFzxLAlVq3hMSOzSrpI4_PnHusj-3wSEV1VfpJ5jJclBIsPg2yHN7QArXK-GsRHzw3RHbt8B50hz0fDaoxRPOtfi8dagWOl3s34gZdicoaVJOxUVF770aYZ3NRG-6DBDzFv62CLm8HvdHFD111yTFK_4prCCppbU0tULWQtWTuqTrmbe0FKs1u9sfkE8GnhsvukNimDekrrd2l_wKWEgbleaeiHbz9zmRqNhff71ABwPjgSDFRhevbjIUUVvnz3QREpeX6lTMR9s_rGiFD2DDp0DpXzcucPG46Oko4JdmL4TrK7tnbu__OPaOIc6ToV4iBMxpEh_u1KuLvq8Qi1iZUH7CiSm_Lr2-cHe4tN_BJCTlyIfWdeSq9wB-Dv7pMA6Us-gqXDRvrq5Y_GubVupDCxu8vz4_KXt113QvrrzqJmO6H0E_Uzb39fPwbkBhKl37IcBctT4O_3qRhWXyXLyXDMCtxqRpBhutd8bWshChEy2X3Hx-ks_gIdxeXgE36uiVn9nHbMVndsShRTHQiVM0XdLgp9QOOdIy9VdDzMoQzT32oaMLkVFndH8JWdWPZW7ioM6TBCLaCIU_jYDacJjpX-Mj2bOF2tgMwF8Yfg77x-E7Gnjp2rnpr7LFJji5LveqFSYFxlXD9kczCZzUB9O8LO5knHiBGW3IgWpH1DIqLD6QL6Jz6jVqf1BP6SUDzqA1mMK-Ns=&f=0
168.119.67.101302 Found 848 B URL HTTP/2 fancycrab.net/sc?a=Csxn&c=WAK2PvMQc2o5oLqbZnovTV&e=gAAAAABji9t9T5LmvmbEPweIYi9353OMumtUSQSXv-Id6NLD9Z-NRKMU2k86h6Dv2qMS9H2HHHnAmJZZbMDH9EV9gMl4Leqf1gFbyeRDeCdtBxqccZjR72An1fRHfUo7DcICl14Ix6b6z8WQiTLz0-fiG-EQYyVekIeByTwnrv9BVbJ7iG81JeMh0YLNV_uhwumD-5ApZkwLOWs7Ni6khEFw0iwSuwnfM09MPmA6RmKC83jyX8iKj79WrDQmscnKUVoFMtMWbSzy8JgcRTv3b3Jgyey_RWuSWrECYJ6ujI29mGYft0gqXNwau229vJOZL3yDWFgLZ2S0GF0HI58KZrT6K8OuEV7bZaxADPZxwEv5CsRRtE6bgLxCUxsgevwEUbItNUi1uj2iKEx6Iqew_Vmt5NSMhkIQqa9fxvo6zoOH3mBHd8fXwG0kW54LKeMxrR6yv7_oVA-p90lzyZtZUPB1OEektV4a64qfMpzcqCJvmnmUqXjuPOomXHf5661r96Qh4HUKwOFU1kHuJVybJG09V1zDQM5bXVeyts7ragg9_0lkfpclj8WE1RyIIlDDVMdvZquviqdvf8_2ooSpqLclF0D2MfQ7sFRd01RDk4UvBvPzGkNlQRSybKyhtP86-nMsoN7glGSB9K_p9hws094h2Y5Hm9bB0om5r92Q0PLYYts1zkg-DMxaopX0F69OvgCBJBZbj_QQSiguw8YFculFyTB2YaoGSGHb4viPmnyc_dn-D78pI47fbz1FTCMjBd2XO811jXk-wj3eUUfhk7OV7fuNzLqhfFxQP9Q-CFXNOs416llAZae9ORQ2GfWqQY7KMUXjpE3dyDJG6oROOzLkwUadCe8Aw4vH4GBGT1YADfGuOGtlfn1Kq7UG1ggiwh3uUMF0nwZyE4nozDkZhHZmTZX43WQQoZr9PqBnGl9lzawzNub0yIhlCtOP2y7ksUW5ymhm2Fin7XTDa1RO_b1oiUtO6Ph2wt2Xmi-eBqMnrEV18QiIYOCG49gjJ7D6QEize0k-PtQH-67lzoRYasIb6ml5EtoREAv8uqXBJxND5r3qtAmrtSzJnZbJCntyNBBAdPSwYgXbcb95pcEQK9i_0ZR_uXDIKxFDN_XPk8iC0k5TBVk2h7aF77lXP95lTdr8Y8XLBSEMCd38q2VG6MUcHIfZHBjplQ_ok6A77rDLDaGncu0KuhuuXzPLxDryAIMkQbj5seSe5jO-TOFuCamBbnejc9hWzUkUeSiPZvIzGENxo7zddlc-feV4N6oiWrd9JCv_MvekK477tqUmxWuNnn8b99DgR_5TYEfr8mbFOuQGpAlMhGKisAGvDJIyfGxfSTG0wOF2dS5fyZerOScZP2JSxqSwVeMPLCR7hvoQd1mqQ39gBsJhKnDMzqE2VabQvHDXlKJOLMiYXvo43gBKodgMLIqtU_bdhz0QFphD6Sj22MTt4DOaVqzJpoHd2pajYuiTax6Ov3sHK1x996W5H2OojYryhqC-Gaep73P_bddoKwTbIKO3EjKKEz4wZM74OLMeswtmsfvAveYAcjbx-IEic3EWtbSS3ppnLy8scb81GFzxLAlVq3hMSOzSrpI4_PnHusj-3wSEV1VfpJ5jJclBIsPg2yHN7QArXK-GsRHzw3RHbt8B50hz0fDaoxRPOtfi8dagWOl3s34gZdicoaVJOxUVF770aYZ3NRG-6DBDzFv62CLm8HvdHFD111yTFK_4prCCppbU0tULWQtWTuqTrmbe0FKs1u9sfkE8GnhsvukNimDekrrd2l_wKWEgbleaeiHbz9zmRqNhff71ABwPjgSDFRhevbjIUUVvnz3QREpeX6lTMR9s_rGiFD2DDp0DpXzcucPG46Oko4JdmL4TrK7tnbu__OPaOIc6ToV4iBMxpEh_u1KuLvq8Qi1iZUH7CiSm_Lr2-cHe4tN_BJCTlyIfWdeSq9wB-Dv7pMA6Us-gqXDRvrq5Y_GubVupDCxu8vz4_KXt113QvrrzqJmO6H0E_Uzb39fPwbkBhKl37IcBctT4O_3qRhWXyXLyXDMCtxqRpBhutd8bWshChEy2X3Hx-ks_gIdxeXgE36uiVn9nHbMVndsShRTHQiVM0XdLgp9QOOdIy9VdDzMoQzT32oaMLkVFndH8JWdWPZW7ioM6TBCLaCIU_jYDacJjpX-Mj2bOF2tgMwF8Yfg77x-E7Gnjp2rnpr7LFJji5LveqFSYFxlXD9kczCZzUB9O8LO5knHiBGW3IgWpH1DIqLD6QL6Jz6jVqf1BP6SUDzqA1mMK-Ns=&f=0
IP 168.119.67.101:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (846)
Hash b050b6cfe405285ae8ea3b0227e0711b
51dab77e6939774e1896d5cf65f95ba0136b0269
30c090bdf7cf8b0fb87cf20e9da9d8754473b9c4623326c7c69199e6f41d4728
GET /sc?a=Csxn&c=WAK2PvMQc2o5oLqbZnovTV&e=gAAAAABji9t9T5LmvmbEPweIYi9353OMumtUSQSXv-Id6NLD9Z-NRKMU2k86h6Dv2qMS9H2HHHnAmJZZbMDH9EV9gMl4Leqf1gFbyeRDeCdtBxqccZjR72An1fRHfUo7DcICl14Ix6b6z8WQiTLz0-fiG-EQYyVekIeByTwnrv9BVbJ7iG81JeMh0YLNV_uhwumD-5ApZkwLOWs7Ni6khEFw0iwSuwnfM09MPmA6RmKC83jyX8iKj79WrDQmscnKUVoFMtMWbSzy8JgcRTv3b3Jgyey_RWuSWrECYJ6ujI29mGYft0gqXNwau229vJOZL3yDWFgLZ2S0GF0HI58KZrT6K8OuEV7bZaxADPZxwEv5CsRRtE6bgLxCUxsgevwEUbItNUi1uj2iKEx6Iqew_Vmt5NSMhkIQqa9fxvo6zoOH3mBHd8fXwG0kW54LKeMxrR6yv7_oVA-p90lzyZtZUPB1OEektV4a64qfMpzcqCJvmnmUqXjuPOomXHf5661r96Qh4HUKwOFU1kHuJVybJG09V1zDQM5bXVeyts7ragg9_0lkfpclj8WE1RyIIlDDVMdvZquviqdvf8_2ooSpqLclF0D2MfQ7sFRd01RDk4UvBvPzGkNlQRSybKyhtP86-nMsoN7glGSB9K_p9hws094h2Y5Hm9bB0om5r92Q0PLYYts1zkg-DMxaopX0F69OvgCBJBZbj_QQSiguw8YFculFyTB2YaoGSGHb4viPmnyc_dn-D78pI47fbz1FTCMjBd2XO811jXk-wj3eUUfhk7OV7fuNzLqhfFxQP9Q-CFXNOs416llAZae9ORQ2GfWqQY7KMUXjpE3dyDJG6oROOzLkwUadCe8Aw4vH4GBGT1YADfGuOGtlfn1Kq7UG1ggiwh3uUMF0nwZyE4nozDkZhHZmTZX43WQQoZr9PqBnGl9lzawzNub0yIhlCtOP2y7ksUW5ymhm2Fin7XTDa1RO_b1oiUtO6Ph2wt2Xmi-eBqMnrEV18QiIYOCG49gjJ7D6QEize0k-PtQH-67lzoRYasIb6ml5EtoREAv8uqXBJxND5r3qtAmrtSzJnZbJCntyNBBAdPSwYgXbcb95pcEQK9i_0ZR_uXDIKxFDN_XPk8iC0k5TBVk2h7aF77lXP95lTdr8Y8XLBSEMCd38q2VG6MUcHIfZHBjplQ_ok6A77rDLDaGncu0KuhuuXzPLxDryAIMkQbj5seSe5jO-TOFuCamBbnejc9hWzUkUeSiPZvIzGENxo7zddlc-feV4N6oiWrd9JCv_MvekK477tqUmxWuNnn8b99DgR_5TYEfr8mbFOuQGpAlMhGKisAGvDJIyfGxfSTG0wOF2dS5fyZerOScZP2JSxqSwVeMPLCR7hvoQd1mqQ39gBsJhKnDMzqE2VabQvHDXlKJOLMiYXvo43gBKodgMLIqtU_bdhz0QFphD6Sj22MTt4DOaVqzJpoHd2pajYuiTax6Ov3sHK1x996W5H2OojYryhqC-Gaep73P_bddoKwTbIKO3EjKKEz4wZM74OLMeswtmsfvAveYAcjbx-IEic3EWtbSS3ppnLy8scb81GFzxLAlVq3hMSOzSrpI4_PnHusj-3wSEV1VfpJ5jJclBIsPg2yHN7QArXK-GsRHzw3RHbt8B50hz0fDaoxRPOtfi8dagWOl3s34gZdicoaVJOxUVF770aYZ3NRG-6DBDzFv62CLm8HvdHFD111yTFK_4prCCppbU0tULWQtWTuqTrmbe0FKs1u9sfkE8GnhsvukNimDekrrd2l_wKWEgbleaeiHbz9zmRqNhff71ABwPjgSDFRhevbjIUUVvnz3QREpeX6lTMR9s_rGiFD2DDp0DpXzcucPG46Oko4JdmL4TrK7tnbu__OPaOIc6ToV4iBMxpEh_u1KuLvq8Qi1iZUH7CiSm_Lr2-cHe4tN_BJCTlyIfWdeSq9wB-Dv7pMA6Us-gqXDRvrq5Y_GubVupDCxu8vz4_KXt113QvrrzqJmO6H0E_Uzb39fPwbkBhKl37IcBctT4O_3qRhWXyXLyXDMCtxqRpBhutd8bWshChEy2X3Hx-ks_gIdxeXgE36uiVn9nHbMVndsShRTHQiVM0XdLgp9QOOdIy9VdDzMoQzT32oaMLkVFndH8JWdWPZW7ioM6TBCLaCIU_jYDacJjpX-Mj2bOF2tgMwF8Yfg77x-E7Gnjp2rnpr7LFJji5LveqFSYFxlXD9kczCZzUB9O8LO5knHiBGW3IgWpH1DIqLD6QL6Jz6jVqf1BP6SUDzqA1mMK-Ns=&f=0 HTTP/1.1
Host: fancycrab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fancycrab.net/click?a=Csxn&e=gAAAAABji9t9xxelKFIpGgXjtL3lV9ZNO8ANdf7eDcJgJ54LNHMK6gIjNYg9pTPEJXAVAy-_qm7HLJA-mZTs8xtLvO431LIt8NNMlNmlE_SjE3600WrZ4UZ2DxixxFBsHJgTb7ciKHMzwWZX7LWn6eaNFfuKUHoBwmSSPPVdhFD516MZeF1yxSf8w7LlL6X98s0PzXfmQha3pXnJqzm4BHzU7WOC9yUr6bL6rwyChaXNZpEqw3Ii173kL7_MUpU2QbfIBegY3WFM3YJrox17f5HkoFL1Boafio9DVKhXH0yfBNeFvGcJ9f1NehXno7qUt02JyE_fHhDeVU1k3hhJO7WFxxeTeEcudGfksAxMzjrUUPKA1s41v8Y3AEzpbRzsqkLXH8FfyxUD1tL7Kf0O9P-0SVVBiWsnUNhQj2FW-2V9YfSAobD5CCIn12AmqhT_cGDJteSJmjqymWHNhrxsdX5b_zScoibykw9-5lqU0bC-0CZxvFxGZHrJOJNf1v-EjSFf6qpuvaKSfV_hkpAU2SmyRYWlLzduiqUe3Oz9oHLzrhli_P6IeMINbqQmmfo2XxicXwEfbHd1GxLUUFQMorpv0MlAWm_BV0kWWWdgwKafRa-0nQMSE7RGL4AQ-9CaQN4PnJHS4rQLk3WTsarvlHpWEgOxNZ7AZVyyNK8nfC5aLd7USM8wZf7SIlYB4VLOGjpqcQX8wgOgGPWSgff3eBelILFAC_T2ZMjsm2claBmDVExy8-4Ns7vIQ1D36siOVZzWjdO8-cFUyrRbJ6OUMnGy4LI6fQz18yYQq99VSel5gbFfqGGgQVgcDZhlFrRBxIqEjW1RC3D1Zp68IWEf0rrEYapxrEzIX4-ux19fJiADyA39d93gw1YRCc0hxTNTT7UM6LNd-iffz-30Qcp-O-7OIbUoxOrp_ZaXKOlKD5ObFzaFdxLyP0FofXMr-46Oknd8vSEejBgtQGyW5s5NbiLbz4zPqejrt7QQUgRfHixnwuvOyENfruNmdIBSTRtmAHPcHaf11QKMzZjA6T73kwhj3qIfu2zI0MTkDzsv8h4fIRoZFUT465YullTFnvzXE8QGqPK3rrP6aIU16ZP3UWJzdst9DxzrKaPF2tqdQWtmZko4rdiDHxRRegGpj5S4tmoLqK0o1Ob42PcGWFoZl594865bcxAnPJebNJiSyuW6WqMrALgr8ffrEYSR1cH397TADhjmARyrcafyKst9dxrc132F3K78Okzt-JUwfDkdAgSwGRQIDsKCYTpiNcdp7u48kPOx5Hn5V5vv5frHriR_jRcVDRe9EUTF3bn4tmHmUTXmdIdZchB21C1WTdjm351d7KLmwBQQ0Tl14mEprSslpvBE6ODxYMCnZDJieW1M5G-eLvzXKdLUQ-wSDVnPQypryjLKuqXxFrrD0igtUqQqbNFeH5TgzUjETE4bTtPi2psmhi824GyskElEpkF8ZsJMwh0_Zw3FM5yumuCbcLYl6w_Z2P0p-9fl5lsrUfbRWcJORqj20oNrETF_x2rKFQAZyNXqjQFF-Uf9FiMOKadahglftQI2NwpGLBOpA0anLowJjicAkOGbgy52zk5_TIYgX75jPETVYE2nvYMrCoKWUz7dzXrQiOHoTJPWghcxCRF0Qtj7SxB_k-HDtX1V33kZeZJm52CTQV3vXgt2HNXiA9st113YaChCQ76HxY--RDw5x2PxjTlKMxOl5Nx7Lk6LXbdAFLOI8IKRGrQYx1_ZDUXCJ29aLJbHlLvUjVnZvtMq9ZvmPjUUJSQ63rMWQwGcDvbWK2rPb48hbKYqqksI5PHc5DLuFkx1Ei-sdOArg0FzhuaCwnPCbT1ZbydMVmwIgEpMxddP3CBNSqb-tolMZqaU1HzlwkIIT_bRvbnsKH-rkOE2yjz7ifMyUPOVj71ua0RMVLdt_rO80kUElgerLFaeO17NS7dB1hQI1n0pL4mPISGuAPwZefgKsUei-W2pQpZcwpHh2I0npOclCwe0SKXID8yoCtfYt6zlzYyabcKmhGyL0D7U6OKcQbGzlNtwPMpN8TT58pEcEzNi_2jhPnYV93p6QzhruzgyJmXauSYwzXWB018KEoBiQEFdVyRgLb5nWVoD-vr-XciBaPoKdas_oUwb7vctm6Ksqfr9uQH12cSKJATDJ9_RN47F4grlhDHw5VJSM_P1U4lPyoVK5xhdBJ7pNgnulfBBHQcOpE_x9mn6cbg3lPMMpNx1vRKu3Y-4lfbq0OcwcwyXFDvg4Miv8JNnaJ3EQ7iIexFImcnewFwJTUQ%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.1
date: Sat, 03 Dec 2022 23:27:58 GMT
content-type: text/html; charset=utf-8
content-length: 848
location: http://s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--
95.211.229.247200 OK 1.1 kB URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1473)
Hash a76d56b04ef5203f378e92dcd29e21ea
2f71636ecbdaaf238a69d003b9907003a096a903
6effacc554977f67a33e8cbaf7ec371ab2378c6d657fc2894d39c96815c3021c
GET /cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ-- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 23:27:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638bdb7e27a3d6.769812871209119720%22%3B%7D; expires=Mon, 02 Dec 2024 23:27:58 GMT; path=; domain=.optnx.com;
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
95.211.229.247302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--&p=http%3A%2F%2Fadeum.com&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1280x939&iframe=0 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.optnx.com/cimp.php?data=TVRZM01ERXhNREEzTjN4bFlXSmlZbVF3WW1Jd016STRaRGczWlRSak9XTTJNVFZrTm1Vek1HSXlNQS0tfGh0dHA6Ly9ldS5kc3BzdXBlci5jb20vYXBpL3N1Ym1pdF9mb3JtX3JlcXVlc3Q_cD1kOTBiZWUwNS00Y2Y0LTQzOGQtOTc5Yi1hOGFhOGY2MWZiNTEmdHM9MTY3MDExMDA3NyZ6PTQ4MDc2NzAmZXhvX2NpZD0zNDA5NjIzfGh0dHB8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZGV1bS5jb218NDk0MjI0fDcxMjE5Mnw5NDQ0Njh8NDU1Nzg2Mnw1MTF8MzQwOTYyM3wzNTE0ODEyOXw0MHwzfDB8MHwyNTM0NHwwfDc4LjR8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHw4NHwyfDB8fDg2OTkxNDUxM3wxOWUwYTNkM2U5NTRmODkxMGRkZDdkMjBiMTFjOTVlZXwxfDB8cHMucG9wY2FzaC5uZXR8MHwwfDB8MC4wNHwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwyfDMxNDMyNDR8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wfHxPS3xmZDkzOTcxNWQwNjkyOTZmMmQyY2I5YjFiNzdiMmJmYQ--
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638bdb7e27a3d6.769812871209119720%22%3B%7D
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 23:27:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638bdb7e27a3d6.769812871209119720%22%3B%7D; expires=Mon, 02 Dec 2024 23:27:58 GMT; path=; domain=.optnx.com;
Location: http://eu.dspsuper.com/api/submit_form_request?p=d90bee05-4cf4-438d-979b-a8aa8f61fb51&ts=1670110077&z=4807670&exo_cid=3409623&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-
X-Robots-Tag: noindex, follow
fancycrab.net/click?a=Csxn&e=gAAAAABji9t9xxelKFIpGgXjtL3lV9ZNO8ANdf7eDcJgJ54LNHMK6gIjNYg9pTPEJXAVAy-_qm7HLJA-mZTs8xtLvO431LIt8NNMlNmlE_SjE3600WrZ4UZ2DxixxFBsHJgTb7ciKHMzwWZX7LWn6eaNFfuKUHoBwmSSPPVdhFD516MZeF1yxSf8w7LlL6X98s0PzXfmQha3pXnJqzm4BHzU7WOC9yUr6bL6rwyChaXNZpEqw3Ii173kL7_MUpU2QbfIBegY3WFM3YJrox17f5HkoFL1Boafio9DVKhXH0yfBNeFvGcJ9f1NehXno7qUt02JyE_fHhDeVU1k3hhJO7WFxxeTeEcudGfksAxMzjrUUPKA1s41v8Y3AEzpbRzsqkLXH8FfyxUD1tL7Kf0O9P-0SVVBiWsnUNhQj2FW-2V9YfSAobD5CCIn12AmqhT_cGDJteSJmjqymWHNhrxsdX5b_zScoibykw9-5lqU0bC-0CZxvFxGZHrJOJNf1v-EjSFf6qpuvaKSfV_hkpAU2SmyRYWlLzduiqUe3Oz9oHLzrhli_P6IeMINbqQmmfo2XxicXwEfbHd1GxLUUFQMorpv0MlAWm_BV0kWWWdgwKafRa-0nQMSE7RGL4AQ-9CaQN4PnJHS4rQLk3WTsarvlHpWEgOxNZ7AZVyyNK8nfC5aLd7USM8wZf7SIlYB4VLOGjpqcQX8wgOgGPWSgff3eBelILFAC_T2ZMjsm2claBmDVExy8-4Ns7vIQ1D36siOVZzWjdO8-cFUyrRbJ6OUMnGy4LI6fQz18yYQq99VSel5gbFfqGGgQVgcDZhlFrRBxIqEjW1RC3D1Zp68IWEf0rrEYapxrEzIX4-ux19fJiADyA39d93gw1YRCc0hxTNTT7UM6LNd-iffz-30Qcp-O-7OIbUoxOrp_ZaXKOlKD5ObFzaFdxLyP0FofXMr-46Oknd8vSEejBgtQGyW5s5NbiLbz4zPqejrt7QQUgRfHixnwuvOyENfruNmdIBSTRtmAHPcHaf11QKMzZjA6T73kwhj3qIfu2zI0MTkDzsv8h4fIRoZFUT465YullTFnvzXE8QGqPK3rrP6aIU16ZP3UWJzdst9DxzrKaPF2tqdQWtmZko4rdiDHxRRegGpj5S4tmoLqK0o1Ob42PcGWFoZl594865bcxAnPJebNJiSyuW6WqMrALgr8ffrEYSR1cH397TADhjmARyrcafyKst9dxrc132F3K78Okzt-JUwfDkdAgSwGRQIDsKCYTpiNcdp7u48kPOx5Hn5V5vv5frHriR_jRcVDRe9EUTF3bn4tmHmUTXmdIdZchB21C1WTdjm351d7KLmwBQQ0Tl14mEprSslpvBE6ODxYMCnZDJieW1M5G-eLvzXKdLUQ-wSDVnPQypryjLKuqXxFrrD0igtUqQqbNFeH5TgzUjETE4bTtPi2psmhi824GyskElEpkF8ZsJMwh0_Zw3FM5yumuCbcLYl6w_Z2P0p-9fl5lsrUfbRWcJORqj20oNrETF_x2rKFQAZyNXqjQFF-Uf9FiMOKadahglftQI2NwpGLBOpA0anLowJjicAkOGbgy52zk5_TIYgX75jPETVYE2nvYMrCoKWUz7dzXrQiOHoTJPWghcxCRF0Qtj7SxB_k-HDtX1V33kZeZJm52CTQV3vXgt2HNXiA9st113YaChCQ76HxY--RDw5x2PxjTlKMxOl5Nx7Lk6LXbdAFLOI8IKRGrQYx1_ZDUXCJ29aLJbHlLvUjVnZvtMq9ZvmPjUUJSQ63rMWQwGcDvbWK2rPb48hbKYqqksI5PHc5DLuFkx1Ei-sdOArg0FzhuaCwnPCbT1ZbydMVmwIgEpMxddP3CBNSqb-tolMZqaU1HzlwkIIT_bRvbnsKH-rkOE2yjz7ifMyUPOVj71ua0RMVLdt_rO80kUElgerLFaeO17NS7dB1hQI1n0pL4mPISGuAPwZefgKsUei-W2pQpZcwpHh2I0npOclCwe0SKXID8yoCtfYt6zlzYyabcKmhGyL0D7U6OKcQbGzlNtwPMpN8TT58pEcEzNi_2jhPnYV93p6QzhruzgyJmXauSYwzXWB018KEoBiQEFdVyRgLb5nWVoD-vr-XciBaPoKdas_oUwb7vctm6Ksqfr9uQH12cSKJATDJ9_RN47F4grlhDHw5VJSM_P1U4lPyoVK5xhdBJ7pNgnulfBBHQcOpE_x9mn6cbg3lPMMpNx1vRKu3Y-4lfbq0OcwcwyXFDvg4Miv8JNnaJ3EQ7iIexFImcnewFwJTUQ%3D
168.119.67.101200 OK 7.8 kB URL HTTP/2 fancycrab.net/click?a=Csxn&e=gAAAAABji9t9xxelKFIpGgXjtL3lV9ZNO8ANdf7eDcJgJ54LNHMK6gIjNYg9pTPEJXAVAy-_qm7HLJA-mZTs8xtLvO431LIt8NNMlNmlE_SjE3600WrZ4UZ2DxixxFBsHJgTb7ciKHMzwWZX7LWn6eaNFfuKUHoBwmSSPPVdhFD516MZeF1yxSf8w7LlL6X98s0PzXfmQha3pXnJqzm4BHzU7WOC9yUr6bL6rwyChaXNZpEqw3Ii173kL7_MUpU2QbfIBegY3WFM3YJrox17f5HkoFL1Boafio9DVKhXH0yfBNeFvGcJ9f1NehXno7qUt02JyE_fHhDeVU1k3hhJO7WFxxeTeEcudGfksAxMzjrUUPKA1s41v8Y3AEzpbRzsqkLXH8FfyxUD1tL7Kf0O9P-0SVVBiWsnUNhQj2FW-2V9YfSAobD5CCIn12AmqhT_cGDJteSJmjqymWHNhrxsdX5b_zScoibykw9-5lqU0bC-0CZxvFxGZHrJOJNf1v-EjSFf6qpuvaKSfV_hkpAU2SmyRYWlLzduiqUe3Oz9oHLzrhli_P6IeMINbqQmmfo2XxicXwEfbHd1GxLUUFQMorpv0MlAWm_BV0kWWWdgwKafRa-0nQMSE7RGL4AQ-9CaQN4PnJHS4rQLk3WTsarvlHpWEgOxNZ7AZVyyNK8nfC5aLd7USM8wZf7SIlYB4VLOGjpqcQX8wgOgGPWSgff3eBelILFAC_T2ZMjsm2claBmDVExy8-4Ns7vIQ1D36siOVZzWjdO8-cFUyrRbJ6OUMnGy4LI6fQz18yYQq99VSel5gbFfqGGgQVgcDZhlFrRBxIqEjW1RC3D1Zp68IWEf0rrEYapxrEzIX4-ux19fJiADyA39d93gw1YRCc0hxTNTT7UM6LNd-iffz-30Qcp-O-7OIbUoxOrp_ZaXKOlKD5ObFzaFdxLyP0FofXMr-46Oknd8vSEejBgtQGyW5s5NbiLbz4zPqejrt7QQUgRfHixnwuvOyENfruNmdIBSTRtmAHPcHaf11QKMzZjA6T73kwhj3qIfu2zI0MTkDzsv8h4fIRoZFUT465YullTFnvzXE8QGqPK3rrP6aIU16ZP3UWJzdst9DxzrKaPF2tqdQWtmZko4rdiDHxRRegGpj5S4tmoLqK0o1Ob42PcGWFoZl594865bcxAnPJebNJiSyuW6WqMrALgr8ffrEYSR1cH397TADhjmARyrcafyKst9dxrc132F3K78Okzt-JUwfDkdAgSwGRQIDsKCYTpiNcdp7u48kPOx5Hn5V5vv5frHriR_jRcVDRe9EUTF3bn4tmHmUTXmdIdZchB21C1WTdjm351d7KLmwBQQ0Tl14mEprSslpvBE6ODxYMCnZDJieW1M5G-eLvzXKdLUQ-wSDVnPQypryjLKuqXxFrrD0igtUqQqbNFeH5TgzUjETE4bTtPi2psmhi824GyskElEpkF8ZsJMwh0_Zw3FM5yumuCbcLYl6w_Z2P0p-9fl5lsrUfbRWcJORqj20oNrETF_x2rKFQAZyNXqjQFF-Uf9FiMOKadahglftQI2NwpGLBOpA0anLowJjicAkOGbgy52zk5_TIYgX75jPETVYE2nvYMrCoKWUz7dzXrQiOHoTJPWghcxCRF0Qtj7SxB_k-HDtX1V33kZeZJm52CTQV3vXgt2HNXiA9st113YaChCQ76HxY--RDw5x2PxjTlKMxOl5Nx7Lk6LXbdAFLOI8IKRGrQYx1_ZDUXCJ29aLJbHlLvUjVnZvtMq9ZvmPjUUJSQ63rMWQwGcDvbWK2rPb48hbKYqqksI5PHc5DLuFkx1Ei-sdOArg0FzhuaCwnPCbT1ZbydMVmwIgEpMxddP3CBNSqb-tolMZqaU1HzlwkIIT_bRvbnsKH-rkOE2yjz7ifMyUPOVj71ua0RMVLdt_rO80kUElgerLFaeO17NS7dB1hQI1n0pL4mPISGuAPwZefgKsUei-W2pQpZcwpHh2I0npOclCwe0SKXID8yoCtfYt6zlzYyabcKmhGyL0D7U6OKcQbGzlNtwPMpN8TT58pEcEzNi_2jhPnYV93p6QzhruzgyJmXauSYwzXWB018KEoBiQEFdVyRgLb5nWVoD-vr-XciBaPoKdas_oUwb7vctm6Ksqfr9uQH12cSKJATDJ9_RN47F4grlhDHw5VJSM_P1U4lPyoVK5xhdBJ7pNgnulfBBHQcOpE_x9mn6cbg3lPMMpNx1vRKu3Y-4lfbq0OcwcwyXFDvg4Miv8JNnaJ3EQ7iIexFImcnewFwJTUQ%3D
IP 168.119.67.101:0
ASN #24940 Hetzner Online GmbH
Hash dbc040fe4b399207526622a194fc68b8
7ebed87aa19a0d05f8cb56a7cc76aaf61bacb975
74931b94e984e7173f06ba92996adcc7fcc3716f390869100e162f8acc221401
GET /click?a=Csxn&e=gAAAAABji9t9xxelKFIpGgXjtL3lV9ZNO8ANdf7eDcJgJ54LNHMK6gIjNYg9pTPEJXAVAy-_qm7HLJA-mZTs8xtLvO431LIt8NNMlNmlE_SjE3600WrZ4UZ2DxixxFBsHJgTb7ciKHMzwWZX7LWn6eaNFfuKUHoBwmSSPPVdhFD516MZeF1yxSf8w7LlL6X98s0PzXfmQha3pXnJqzm4BHzU7WOC9yUr6bL6rwyChaXNZpEqw3Ii173kL7_MUpU2QbfIBegY3WFM3YJrox17f5HkoFL1Boafio9DVKhXH0yfBNeFvGcJ9f1NehXno7qUt02JyE_fHhDeVU1k3hhJO7WFxxeTeEcudGfksAxMzjrUUPKA1s41v8Y3AEzpbRzsqkLXH8FfyxUD1tL7Kf0O9P-0SVVBiWsnUNhQj2FW-2V9YfSAobD5CCIn12AmqhT_cGDJteSJmjqymWHNhrxsdX5b_zScoibykw9-5lqU0bC-0CZxvFxGZHrJOJNf1v-EjSFf6qpuvaKSfV_hkpAU2SmyRYWlLzduiqUe3Oz9oHLzrhli_P6IeMINbqQmmfo2XxicXwEfbHd1GxLUUFQMorpv0MlAWm_BV0kWWWdgwKafRa-0nQMSE7RGL4AQ-9CaQN4PnJHS4rQLk3WTsarvlHpWEgOxNZ7AZVyyNK8nfC5aLd7USM8wZf7SIlYB4VLOGjpqcQX8wgOgGPWSgff3eBelILFAC_T2ZMjsm2claBmDVExy8-4Ns7vIQ1D36siOVZzWjdO8-cFUyrRbJ6OUMnGy4LI6fQz18yYQq99VSel5gbFfqGGgQVgcDZhlFrRBxIqEjW1RC3D1Zp68IWEf0rrEYapxrEzIX4-ux19fJiADyA39d93gw1YRCc0hxTNTT7UM6LNd-iffz-30Qcp-O-7OIbUoxOrp_ZaXKOlKD5ObFzaFdxLyP0FofXMr-46Oknd8vSEejBgtQGyW5s5NbiLbz4zPqejrt7QQUgRfHixnwuvOyENfruNmdIBSTRtmAHPcHaf11QKMzZjA6T73kwhj3qIfu2zI0MTkDzsv8h4fIRoZFUT465YullTFnvzXE8QGqPK3rrP6aIU16ZP3UWJzdst9DxzrKaPF2tqdQWtmZko4rdiDHxRRegGpj5S4tmoLqK0o1Ob42PcGWFoZl594865bcxAnPJebNJiSyuW6WqMrALgr8ffrEYSR1cH397TADhjmARyrcafyKst9dxrc132F3K78Okzt-JUwfDkdAgSwGRQIDsKCYTpiNcdp7u48kPOx5Hn5V5vv5frHriR_jRcVDRe9EUTF3bn4tmHmUTXmdIdZchB21C1WTdjm351d7KLmwBQQ0Tl14mEprSslpvBE6ODxYMCnZDJieW1M5G-eLvzXKdLUQ-wSDVnPQypryjLKuqXxFrrD0igtUqQqbNFeH5TgzUjETE4bTtPi2psmhi824GyskElEpkF8ZsJMwh0_Zw3FM5yumuCbcLYl6w_Z2P0p-9fl5lsrUfbRWcJORqj20oNrETF_x2rKFQAZyNXqjQFF-Uf9FiMOKadahglftQI2NwpGLBOpA0anLowJjicAkOGbgy52zk5_TIYgX75jPETVYE2nvYMrCoKWUz7dzXrQiOHoTJPWghcxCRF0Qtj7SxB_k-HDtX1V33kZeZJm52CTQV3vXgt2HNXiA9st113YaChCQ76HxY--RDw5x2PxjTlKMxOl5Nx7Lk6LXbdAFLOI8IKRGrQYx1_ZDUXCJ29aLJbHlLvUjVnZvtMq9ZvmPjUUJSQ63rMWQwGcDvbWK2rPb48hbKYqqksI5PHc5DLuFkx1Ei-sdOArg0FzhuaCwnPCbT1ZbydMVmwIgEpMxddP3CBNSqb-tolMZqaU1HzlwkIIT_bRvbnsKH-rkOE2yjz7ifMyUPOVj71ua0RMVLdt_rO80kUElgerLFaeO17NS7dB1hQI1n0pL4mPISGuAPwZefgKsUei-W2pQpZcwpHh2I0npOclCwe0SKXID8yoCtfYt6zlzYyabcKmhGyL0D7U6OKcQbGzlNtwPMpN8TT58pEcEzNi_2jhPnYV93p6QzhruzgyJmXauSYwzXWB018KEoBiQEFdVyRgLb5nWVoD-vr-XciBaPoKdas_oUwb7vctm6Ksqfr9uQH12cSKJATDJ9_RN47F4grlhDHw5VJSM_P1U4lPyoVK5xhdBJ7pNgnulfBBHQcOpE_x9mn6cbg3lPMMpNx1vRKu3Y-4lfbq0OcwcwyXFDvg4Miv8JNnaJ3EQ7iIexFImcnewFwJTUQ%3D HTTP/1.1
Host: fancycrab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.1
date: Sat, 03 Dec 2022 23:27:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
eu.dspsuper.com/api/win_request?ad_scheme=1&p=d90bee05-4cf4-438d-979b-a8aa8f61fb51&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3Dd90bee05-4cf4-438d-979b-a8aa8f61fb51%26ts%3D1670110077%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100
139.45.195.207301 Moved Permanently 175 B URL HTTP/1.1 eu.dspsuper.com/api/win_request?ad_scheme=1&p=d90bee05-4cf4-438d-979b-a8aa8f61fb51&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3Dd90bee05-4cf4-438d-979b-a8aa8f61fb51%26ts%3D1670110077%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100
IP 139.45.195.207:0
File type HTML document, ASCII text
Hash 35467061f6a7ad92fb16c853e98c862e
649e00f4bf484c9365053d62880c06430609f124
5bd4345b533bdc1b860f52e04c088541d811c52036ae66443a1e4122d372a7d5
Analyzer Verdict Alert quad9 Sinkholed
GET /api/win_request?ad_scheme=1&p=d90bee05-4cf4-438d-979b-a8aa8f61fb51&hil=1&ng=1&ix=0&pt=0&np=0&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Feu.dspsuper.com%2Fapi%2Fsubmit_form_request%3Fp%3Dd90bee05-4cf4-438d-979b-a8aa8f61fb51%26ts%3D1670110077%26z%3D4807670%26exo_cid%3D3409623%26exffir%3DeyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDkzOSIsImkiOiIwIn0-&wy=-1&wx=-1&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&navlng=en-US&rf=http%3A%2F%2Fs.optnx.com%2F&wgl=&as=100 HTTP/1.1
Host: eu.dspsuper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4807670&feedId=746
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Dec 2022 23:27:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=623049432594132992&subid1=4807670&cost=0.002240
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
eu.dspsuper.com/favicon.ico
139.45.195.207404 Not Found 19 B URL HTTP/1.1 eu.dspsuper.com/favicon.ico
IP 139.45.195.207:0
Hash 595e88012a6521aae3e12cbebe76eb9e
da3968197e7bf67aa45a77515b52ba2710c5fc34
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: eu.dspsuper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eu.dspsuper.com/api/reverse?var=4807670&feedId=746
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 03 Dec 2022 23:27:58 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3932bf3de5bea575220705c973d5084b
7512b536b95540d3e95207f6d7a21cceb286ea26
459ee29f6f4d80c764c8fe50d3cf6721db55fa6fbdce56214a240675793c589b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "459EE29F6F4D80C764C8FE50D3CF6721DB55FA6FBDCE56214A240675793C589B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8228
Expires: Sun, 04 Dec 2022 01:45:06 GMT
Date: Sat, 03 Dec 2022 23:27:58 GMT
Connection: keep-alive
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=623049432594132992&subid1=4807670&cost=0.002240
157.90.33.73302 Found 0 B URL HTTP/2 eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=623049432594132992&subid1=4807670&cost=0.002240
IP 157.90.33.73:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=623049432594132992&subid1=4807670&cost=0.002240 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://eu.dspsuper.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Dec 2022 23:27:58 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=715734&geo=NO&device=desktop
set-cookie: rauid=UXnOoeU2QVOe8XMxfsi-iw; expires=Sun, 03 Dec 2023 23:27:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=715734&geo=NO&device=desktop
35.227.234.222302 Found 0 B URL HTTP/1.1 35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=715734&geo=NO&device=desktop
IP 35.227.234.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /2/PU_NO_SB_DT_KINDRED?source=715734&geo=NO&device=desktop HTTP/1.1
Host: 35.227.234.222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 03 Dec 2022 23:27:58 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
23.36.79.11307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 03 Dec 2022 23:27:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Dec 2022 23:27:59 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d; domain=.unibet.com; expires=Mon, 03-Dec-3021 23:27:59 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=97
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 03 Dec 2022 23:27:59 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
set-cookie: JSESSIONID=node01vr5vektkwyvd90n3dun7tbkk2442769.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01vr5vektkwyvd90n3dun7tbkk; Path=/; Domain=.unibet.nu; Expires=Mon, 02-Dec-2024 23:27:59 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Mon, 02-Dec-2024 23:27:59 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Mon, 02-Dec-2024 23:27:59 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=85891437; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 03 Dec 2022 23:27:59 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01vr5vektkwyvd90n3dun7tbkk; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 03 Dec 2022 23:27:59 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 03 Dec 2022 23:27:59 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba402259db80ae99087cf757dfbdbeb8
7b426820ac7e7520cbdca84ad25578e81f0b7309
faea7a8c7dbbb574d75a21fe2e976b2750790314e24fe298e86baf56e07dda4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAEA7A8C7DBBB574D75A21FE2E976B2750790314E24FE298E86BAF56E07DDA4F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8052
Expires: Sun, 04 Dec 2022 01:42:11 GMT
Date: Sat, 03 Dec 2022 23:27:59 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5c955bd73711c248a4719d475f430c7d
c256a11d7cf3ee0a9c723ca4ef8cac24a8b870a3
b279e8ca5c6dec4d740419dfea4eb4493a468c8ebf84f7574640272b00ba9572
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d5983b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188200 OK 997 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 9faf46efed0cd4f15e68fdc240115664
e906197e8c0f49327f254f5deee2d0626c6fea33
9e707e5683e52658f035a40921ac994da80d1bba61cf0b3dfa6ca68fdbd3dcae
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d5972b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 12:45:16 GMT
expires: Wed, 29 Nov 2023 12:45:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 384163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 83975132d2ae0d78fd7bb27da6c5d1d6
32469c305581201b2011d2e7ee6c04b09e2b2114
590de385ca683dd3c614912d6b506a14aea72baa4321d20afecf324cf701af96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4262
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Last-Modified: Sat, 03 Dec 2022 22:16:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188200 OK 1.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash 87385d8eb8fb01d483a3b3a7d25965df
61e376cd34c2d229e586b14e712d838c204c1695
cd279e181ef019c905eb91f2cd1d40d97b07e42f9d7298f490be740e87348bd6
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d5971b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 83975132d2ae0d78fd7bb27da6c5d1d6
32469c305581201b2011d2e7ee6c04b09e2b2114
590de385ca683dd3c614912d6b506a14aea72baa4321d20afecf324cf701af96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4315
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Last-Modified: Sat, 03 Dec 2022 22:16:04 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15200 OK 114 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Size 114 kB (114141 bytes)
Hash 4e53c1825fe20057b4b44c0a68c5718d
5f57250d9f2990124c3544291f27689dd8c80e4c
06217c517e871263c1091789289ec31ae4a049642ea81f0c790b536feeacc832
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: text/css
x-amz-id-2: Naym7hPmP6C6hux6VLJAAre0tbecqXaiQpMJaYu3vDn0x1vPpC32gtoDJkl7kXKmPPFbhKi1q5U=
x-amz-request-id: MZGFJRB14SZWS1MV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 641736
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nR5UGX3KhGrrHEf7oqA6mCNFrYBuze7ePaje6iwE1TJA7EvoJ4mBjhHVcv8MviGBa6RONhZM4rRNh85pob0h2n694oF3Z5DJoqmSSn2DtN3T9evyBDMIwZGbC3RNzRFF%2FfiluK1u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7740137dfcb70676-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 1a207891fa38f0a041e7b32efdbedeeb
78d2db2936fc0e9073326573b2f6e9cb4595d883
ef9647b6a96a57397eb3c7fd92d37bac085e1656b7766d2ab327a17266da538d
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/xml
x-ms-request-id: ed76c7d0-f01e-0067-516e-0702fe000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 234
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137e7a77b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
kanvo.cogliatu.com/rc/a33384834e?affclick=638bdb7a8594c5176218b022&pubid=67.jp.safari.
188.114.96.1200 OK 1.7 kB URL HTTP/2 kanvo.cogliatu.com/rc/a33384834e?affclick=638bdb7a8594c5176218b022&pubid=67.jp.safari.
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1531)
Hash 4ed9b6f0bea47625f269c6ea483a54fc
09859c35712a38d4da62e56968492f4ba223fe9b
b0510e8b06d500de0831abdbc7be9563e4a34489d12bb38691d2f280ae1f4db7
GET /rc/a33384834e?affclick=638bdb7a8594c5176218b022&pubid=67.jp.safari. HTTP/1.1
Host: kanvo.cogliatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://t2.hightid.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:54 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=gV/id2Bb0iFCsXhl96alpSoLy0XZwYrsgxHG/DBfC8VHkQDllCAqIgClAsveuhV1ZWt92B71QYwCObGhe12r3bbuP8J/ltykh8CHjd5+bh1ynvtpoq5vumA9uvxC; Expires=Sat, 10 Dec 2022 23:27:54 GMT; Path=/
AWSALBCORS=gV/id2Bb0iFCsXhl96alpSoLy0XZwYrsgxHG/DBfC8VHkQDllCAqIgClAsveuhV1ZWt92B71QYwCObGhe12r3bbuP8J/ltykh8CHjd5+bh1ynvtpoq5vumA9uvxC; Expires=Sat, 10 Dec 2022 23:27:54 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wI54toj4aXRc864Mz8JKQ3LnS3Sc3RvVvRWItx7DAvHlR%2F7rZlQWCO1a8ZERUbx35Z6JjbBNNZWLLwPmCYXL9OpSLuOUFZP7LBBPbhONtwrijgqGDpgnbzlFA6ZeUnb3IEOJjP4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7740135fe9541c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188200 OK 1.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash 4b3da735f2c70bea4e1f274b98674b95
107e25c938d5c0c9d49aa66ff212f879a8520952
8fa0af526a00b0b953b5d2291d6de4d8262ba9b38dead2d723c8403bbd641b58
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486043
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d4956b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.133.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.133.15:0
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: SYu1O0qpfKXkCwrmaUAdwYMduNJ5VDJjzq/NZ6aXI+KzwfjKy8q7ykU1NLQf0byh/jE10eMvTwc=
x-amz-request-id: X6VAEWBQXGEVXHTZ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 734177
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dxP%2Fn4KuNCSg0IfTkaPykrLTp8d841ztDxCQR8ZIo%2Bp3vMuXvvSwEkKJ0x%2FHQO5cktvO%2FRTkNynXt6OsnqiF2V8WaCpYvqapsSIIKxaBwwTJT7sRLZPaxqiZhiL21iYdYpIpk4l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7740137ead630676-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188200 OK 86 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
Hash 568fa0e89e34c42ebf1aa89ed396468b
b46776af3b0a6d7b5d0dd5ff227a3469bb6345af
ebe37001a03afd698f75743b680d9261bd8ab8dd174456a306081f63182236b5
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d3943b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 273245
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 273243
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 4c20148d731bf13d7da11864b5622318
2d8074e60a24b0fc33fea915a0241eb865295a4a
8c3efdd945e3105ef17791a71b32002409764f51e0e80e5a8fbafb0a2508a919
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2524
Cache-Control: max-age=127236
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Etag: "638b1fa7-116"
Expires: Mon, 05 Dec 2022 10:48:35 GMT
Last-Modified: Sat, 03 Dec 2022 10:06:31 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:27:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188200 OK 1.8 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
File type HTML document, Unicode text, UTF-8 text
Hash 35384e056b4ec3533ca79f0a67ab1794
0e8b871363abf6698ee2d8c09b2293d5eb85f27c
a7b400b69f89030d7292b2899d4c489ce755d86b09cfcf9f632ac0bda980ed3e
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d3946b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
104.18.25.188200 OK 4.8 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
IP 104.18.25.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2468)
Hash 163d7025c2fc97dc613f4afa173db0ed
700ef14e33af032bf95086deeabaac2bcc29f57c
d60b082bcb9e9d4150a70fbf8f71f3b8e03b0c34705499aeebfc6388f42584a3
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: 4ba01b8e-e01e-0026-016e-075a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137b7f4ab51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.89.211.132307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.89.211.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 03 Dec 2022 23:27:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 99d18b96-c2ad-43d2-8961-f3f0b7e38745
Set-Cookie: uuid2=2798294369403195512; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Mar-2023 23:27:59 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ba8ff02e11d13ba757cfecb100ac92a
b37d0ed2c4c9c6199e84928a39c0dc32b77c1c9f
3545aa0f186551f560b9324b6887811b6966fe4500610438a2db5d7805f5d724
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4417
Cache-Control: max-age=114751
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:28:00 GMT
Etag: "638ae77e-1d7"
Expires: Mon, 05 Dec 2022 07:20:31 GMT
Last-Modified: Sat, 03 Dec 2022 06:06:54 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670110077762
3.248.121.63200 OK 498 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670110077762
IP 3.248.121.63:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 1aa9ac32087db948193b4f9b699305a5
be2c928ba74984f390a6fde60a7156b2e435f2c6
f29c01692c0515220196bf7a3f480f177c3d63886ff241fe8889cb40bc1c4bd2
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670110077762 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-001bf2e72.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=89461252995181628673034475861505033609; Max-Age=15552000; Expires=Thu, 01 Jun 2023 23:28:00 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: FQckCAiASF0=
Content-Length: 498
Connection: keep-alive
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.147.8200 OK 1.8 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.147.8:0
File type JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Hash b4ea22023a0d87cae98c823e00039c34
3ff40d4d763eed656ae25dd8b2e3108629a15255
c74c718b061701e812c999b0abbf6e287f69922eceb75a0e7a822da541d97248
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: application/json
content-length: 1770
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 03 Dec 2022 23:05:14 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 1366
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774013808880b52d-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.211.132200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.211.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 03 Dec 2022 23:28:00 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: aa1b8f33-e3c9-4707-8d07-846856161e13
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2HbxrgWIu!@wnf-Te9(>wL5L!!'V=$leTS; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Mar-2023 23:28:00 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e782016bc9aa5f2e04689cbb117a6353
895d687d1862f5230aef04d19876517fa5a48a40
73863d7dff9a55b6a9c9db92fbe2df8406a2c707a000bc9f3313f06483420253
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6102
Cache-Control: max-age=142353
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:28:00 GMT
Etag: "638b4cbb-117"
Expires: Mon, 05 Dec 2022 15:00:33 GMT
Last-Modified: Sat, 03 Dec 2022 13:18:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e782016bc9aa5f2e04689cbb117a6353
895d687d1862f5230aef04d19876517fa5a48a40
73863d7dff9a55b6a9c9db92fbe2df8406a2c707a000bc9f3313f06483420253
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5104
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:28:00 GMT
Last-Modified: Sat, 03 Dec 2022 22:02:56 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e782016bc9aa5f2e04689cbb117a6353
895d687d1862f5230aef04d19876517fa5a48a40
73863d7dff9a55b6a9c9db92fbe2df8406a2c707a000bc9f3313f06483420253
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6102
Cache-Control: max-age=142353
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:28:00 GMT
Etag: "638b4cbb-117"
Expires: Mon, 05 Dec 2022 15:00:33 GMT
Last-Modified: Sat, 03 Dec 2022 13:18:51 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.174.188200 OK 8.5 kB URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.174.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7cc3bc88fac55be1b3c9f1c0fa657fb3
07129bce6cd5f165d9a97f9ee1ec9449968c4dfe
d7b425d96798774e3542cbccf93762e89ecbd38f9670a637077d28d41e34941e
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 589
vary: Accept-Encoding
server: cloudflare
cf-ray: 77401381bd6d1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89469025604951885203031575940769658898&ts=1670110077948
13.36.218.177200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89469025604951885203031575940769658898&ts=1670110077948
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89469025604951885203031575940769658898&ts=1670110077948 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sat, 03 Dec 2022 23:28:00 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
34.255.150.87200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.255.150.87:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 3 Dec 2022 23:28:00 GMT
DCS: dcs-prod-irl1-1-v045-0ff225fd5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: T2AnpUvcTOc=
Content-Length: 2791
Connection: keep-alive
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
104.19.147.8200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP 104.19.147.8:0
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 712985
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740138219e2b52d-OSL
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s91439413655125?AQB=1&ndh=1&pf=1&t=3%2F11%2F2022%2023%3A27%3A58%206%200&mid=89469025604951885203031575940769658898&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A27%20PM%7CSaturday&v6=11%3A27%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1670110078&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&v126=85891437&v127=37950&v134=1670110077&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
13.36.218.177200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s91439413655125?AQB=1&ndh=1&pf=1&t=3%2F11%2F2022%2023%3A27%3A58%206%200&mid=89469025604951885203031575940769658898&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A27%20PM%7CSaturday&v6=11%3A27%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1670110078&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&v126=85891437&v127=37950&v134=1670110077&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s91439413655125?AQB=1&ndh=1&pf=1&t=3%2F11%2F2022%2023%3A27%3A58%206%200&mid=89469025604951885203031575940769658898&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A27%20PM%7CSaturday&v6=11%3A27%20PM%7CSaturday&v11=GBP&c14=New&v14=New&c16=1670110078&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&v126=85891437&v127=37950&v134=1670110077&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sat, 03 Dec 2022 23:28:00 GMT
expires: Fri, 02 Dec 2022 23:28:00 GMT
last-modified: Sun, 04 Dec 2022 23:28:00 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3586534089176875008-4619764361782535581
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463919
104.19.147.8200 OK 144 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463919
IP 104.19.147.8:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 46a26cda7d8d372c01f7e11ccfdc3b62
2f4b523f3f090c89cb343317a6e3be6f66303011
c6bca5aa2922831a717ec17b305c54cd00598ba04149d4fc9b6299cc2b310a95
GET /pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463919 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: application/json
content-length: 144
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 03 Dec 2022 23:05:14 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 1366
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774013826a25b52d-OSL
X-Firefox-Spdy: h2
pagestates-tracking.crazyegg.com/healthcheck
54.230.111.22200 OK 19 B URL HTTP/2 pagestates-tracking.crazyegg.com/healthcheck
IP 54.230.111.22:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: pagestates-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Fri, 30 Sep 2022 16:18:54 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h8q4_tlHOPv0u0IMgWECvBbyD-BPHJt870kPhHz0bfpfRuS2kMXNxA==
age: 5555347
X-Firefox-Spdy: h2
assets-tracking.crazyegg.com/healthcheck
54.230.111.105200 OK 19 B URL HTTP/2 assets-tracking.crazyegg.com/healthcheck
IP 54.230.111.105:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: assets-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Mon, 22 Aug 2022 11:33:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vIrW_6R_rBYBovQ8lb3dDEQkW35Syxttk76Ke-xwoK-5ZYyhV_4L6g==
age: 8942085
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash ff01833196b3205b8fb48274485a96a1
e1672efdac991316f321eff3cf9cbbfc5233ca16
b861b8505c7916f02acdadf2eb886e1bf89d93875c4e7f4f11498e94164cb35e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 23:28:00 GMT
Last-Modified: Sat, 03 Dec 2022 22:17:35 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nlOZEQPoYb6cla1q5BfnQ-AvZpV6O5AZE5ooLBV3T3bDvc70LJ7z4A==
Age: 4225
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.174.188200 OK 513 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.174.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1053), with no line terminators
Hash 091e7d71bee0c03f8cbedb74d97e9892
35c873c866cd8284b5a175fe2188b8b3355b2639
4525fb760a289118660d0d9d7d80eb40464f5cf47b1d01902dfe64923b01ff95
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 584
vary: Accept-Encoding
server: cloudflare
cf-ray: 77401381ad5e1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV
3.248.121.63302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV
IP 3.248.121.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-024ef1325.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=72643160158981518464213150276078522080; Max-Age=15552000; Expires=Thu, 01 Jun 2023 23:28:00 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: uBJ3npATSqE=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV
3.248.121.63200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV
IP 3.248.121.63:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4vbgAAAAMRJ7gOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: VjhJAI9/RY4=
Content-Length: 59
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 8ee9f66207c064a5e7ff6ac26200c734
b03891fec5d5639929621f6db072879a6155c034
99a68c40644377a3d8415a5a300c93b7efd0c0aaff91c2ca15dee0e22c8f5d29
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146245
Date: Sat, 03 Dec 2022 23:28:00 GMT
Etag: "638b660a-1d7"
Expires: Mon, 05 Dec 2022 16:05:25 GMT
Last-Modified: Sat, 03 Dec 2022 15:06:50 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3yH3J02PHbwJ80LVXJPO6rMH31cc9eIdZSVCFNfht8piYzfdsGKknw==
Age: 3515
tracking.crazyegg.com/clock?t=1670110078308&tk=49f5480a39da8ce7e59e73633af4ed5a
52.211.182.152200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1670110078308&tk=49f5480a39da8ce7e59e73633af4ed5a
IP 52.211.182.152:0
File type ASCII text, with no line terminators
Hash dc7452cf8dda74c7febb72bcddc889e3
77a8451e46e9479be5a1704dd9c9aefe95bda746
6131c5938fc28103a9a3e2594063d9f33aa5ecc23a2321e31612400fd3346943
GET /clock?t=1670110078308&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Sat, 03 Dec 2022 23:28:00 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 03 Dec 2022 23:05:15 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1364
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137f8ff1b52d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d5973b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.158.251200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.158.251:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 5806
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uomzT6%2B4SwecwwtEHjXufOa72z2J2aVPtu1Q%2F5z5TCIo2FcVkMT3KkqMrifmUy8J%2FdnQWu314zXtpAj0yPJRkVTpeHTW2cOkWEel2gaE0Pmr2iQ55K4IbaEo1eYN2XCb1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77401362b8200b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d4959b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d496fb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d496db51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/xml
x-ms-request-id: ed76c7d0-f01e-0067-516e-0702fe000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 234
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d597eb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
168.119.90.96302 Found 0 B URL HTTP/2 adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP 168.119.90.96:0
ASN #24940 Hetzner Online GmbH
GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 03 Dec 2022 23:27:57 GMT
content-type: text/html; charset=utf-8
location: https://fancycrab.net/click?a=Csxn&e=gAAAAABji9t9xxelKFIpGgXjtL3lV9ZNO8ANdf7eDcJgJ54LNHMK6gIjNYg9pTPEJXAVAy-_qm7HLJA-mZTs8xtLvO431LIt8NNMlNmlE_SjE3600WrZ4UZ2DxixxFBsHJgTb7ciKHMzwWZX7LWn6eaNFfuKUHoBwmSSPPVdhFD516MZeF1yxSf8w7LlL6X98s0PzXfmQha3pXnJqzm4BHzU7WOC9yUr6bL6rwyChaXNZpEqw3Ii173kL7_MUpU2QbfIBegY3WFM3YJrox17f5HkoFL1Boafio9DVKhXH0yfBNeFvGcJ9f1NehXno7qUt02JyE_fHhDeVU1k3hhJO7WFxxeTeEcudGfksAxMzjrUUPKA1s41v8Y3AEzpbRzsqkLXH8FfyxUD1tL7Kf0O9P-0SVVBiWsnUNhQj2FW-2V9YfSAobD5CCIn12AmqhT_cGDJteSJmjqymWHNhrxsdX5b_zScoibykw9-5lqU0bC-0CZxvFxGZHrJOJNf1v-EjSFf6qpuvaKSfV_hkpAU2SmyRYWlLzduiqUe3Oz9oHLzrhli_P6IeMINbqQmmfo2XxicXwEfbHd1GxLUUFQMorpv0MlAWm_BV0kWWWdgwKafRa-0nQMSE7RGL4AQ-9CaQN4PnJHS4rQLk3WTsarvlHpWEgOxNZ7AZVyyNK8nfC5aLd7USM8wZf7SIlYB4VLOGjpqcQX8wgOgGPWSgff3eBelILFAC_T2ZMjsm2claBmDVExy8-4Ns7vIQ1D36siOVZzWjdO8-cFUyrRbJ6OUMnGy4LI6fQz18yYQq99VSel5gbFfqGGgQVgcDZhlFrRBxIqEjW1RC3D1Zp68IWEf0rrEYapxrEzIX4-ux19fJiADyA39d93gw1YRCc0hxTNTT7UM6LNd-iffz-30Qcp-O-7OIbUoxOrp_ZaXKOlKD5ObFzaFdxLyP0FofXMr-46Oknd8vSEejBgtQGyW5s5NbiLbz4zPqejrt7QQUgRfHixnwuvOyENfruNmdIBSTRtmAHPcHaf11QKMzZjA6T73kwhj3qIfu2zI0MTkDzsv8h4fIRoZFUT465YullTFnvzXE8QGqPK3rrP6aIU16ZP3UWJzdst9DxzrKaPF2tqdQWtmZko4rdiDHxRRegGpj5S4tmoLqK0o1Ob42PcGWFoZl594865bcxAnPJebNJiSyuW6WqMrALgr8ffrEYSR1cH397TADhjmARyrcafyKst9dxrc132F3K78Okzt-JUwfDkdAgSwGRQIDsKCYTpiNcdp7u48kPOx5Hn5V5vv5frHriR_jRcVDRe9EUTF3bn4tmHmUTXmdIdZchB21C1WTdjm351d7KLmwBQQ0Tl14mEprSslpvBE6ODxYMCnZDJieW1M5G-eLvzXKdLUQ-wSDVnPQypryjLKuqXxFrrD0igtUqQqbNFeH5TgzUjETE4bTtPi2psmhi824GyskElEpkF8ZsJMwh0_Zw3FM5yumuCbcLYl6w_Z2P0p-9fl5lsrUfbRWcJORqj20oNrETF_x2rKFQAZyNXqjQFF-Uf9FiMOKadahglftQI2NwpGLBOpA0anLowJjicAkOGbgy52zk5_TIYgX75jPETVYE2nvYMrCoKWUz7dzXrQiOHoTJPWghcxCRF0Qtj7SxB_k-HDtX1V33kZeZJm52CTQV3vXgt2HNXiA9st113YaChCQ76HxY--RDw5x2PxjTlKMxOl5Nx7Lk6LXbdAFLOI8IKRGrQYx1_ZDUXCJ29aLJbHlLvUjVnZvtMq9ZvmPjUUJSQ63rMWQwGcDvbWK2rPb48hbKYqqksI5PHc5DLuFkx1Ei-sdOArg0FzhuaCwnPCbT1ZbydMVmwIgEpMxddP3CBNSqb-tolMZqaU1HzlwkIIT_bRvbnsKH-rkOE2yjz7ifMyUPOVj71ua0RMVLdt_rO80kUElgerLFaeO17NS7dB1hQI1n0pL4mPISGuAPwZefgKsUei-W2pQpZcwpHh2I0npOclCwe0SKXID8yoCtfYt6zlzYyabcKmhGyL0D7U6OKcQbGzlNtwPMpN8TT58pEcEzNi_2jhPnYV93p6QzhruzgyJmXauSYwzXWB018KEoBiQEFdVyRgLb5nWVoD-vr-XciBaPoKdas_oUwb7vctm6Ksqfr9uQH12cSKJATDJ9_RN47F4grlhDHw5VJSM_P1U4lPyoVK5xhdBJ7pNgnulfBBHQcOpE_x9mn6cbg3lPMMpNx1vRKu3Y-4lfbq0OcwcwyXFDvg4Miv8JNnaJ3EQ7iIexFImcnewFwJTUQ%3D
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 23:27:59 GMT
date: Sat, 03 Dec 2022 23:27:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 0 B URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 03 Dec 2022 23:27:59 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d394ab51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 486044
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d4960b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?463919
104.19.147.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?463919
IP 104.19.147.8:0
GET /pages/scripts/0012/9242.js?463919 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 03 Dec 2022 23:05:15 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1364
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137fa803b52d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_8DCBC9ABDC884F1CBE3F256BD4BC2999&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670110078991)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221232327%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228516889657%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 23:27:59 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 485997
vary: Accept-Encoding
server: cloudflare
cf-ray: 7740137d4954b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2