Overview

URLwww.kzjs4rtk.com/5LMHK7/2F8LBL/
IP 34.107.199.247 (United States)
ASN#15169 GOOGLE
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-28 16:11:41 UTC
StatusLoading report..
IDS alerts0
Blocklist alert2
urlquery alerts No alerts detected
Tags None

Domain Summary (29)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
www.c9ikptk.com (1) 662324 2021-09-23 19:37:57 UTC 2022-11-28 11:05:17 UTC 34.107.199.247
a1s-cdn.unibet.com (1) 283505 2014-04-23 15:07:51 UTC 2020-04-04 05:20:05 UTC 85.184.96.5
welcome.unibet.nu (16) 0 No data No data 104.18.24.188 Unknown ranking
ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-11-28 06:03:29 UTC 142.250.74.74
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-28 05:49:11 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-28 05:46:10 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.213.121.129
a1s.unibet.com (2) 297625 2018-08-24 02:07:57 UTC 2020-04-28 05:20:01 UTC 85.184.96.5
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-28 05:48:59 UTC 142.250.74.10
cm.everesttech.net (1) 996 2018-09-03 07:40:22 UTC 2020-04-29 11:27:39 UTC 54.229.62.148
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
ocsp.starfieldtech.com (2) 6616 2012-06-22 18:08:50 UTC 2020-04-16 20:58:06 UTC 192.124.249.24
adserving.unibet.com (1) 98000 2015-05-26 06:56:53 UTC 2020-04-28 07:38:51 UTC 23.36.79.43
www.unibet.nu (2) 0 2022-11-04 11:13:23 UTC 2022-11-27 16:13:51 UTC 85.184.96.0 Unknown ranking
ocsp.pki.goog (8) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
xml.poprtb.pro (1) 90217 No data No data 174.137.133.18
www.kzjs4rtk.com (1) 0 2022-03-08 10:34:16 UTC 2022-11-28 11:05:17 UTC 34.107.199.247 Unknown ranking
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
unibet.demdex.net (1) 338024 2018-06-24 06:21:19 UTC 2019-11-02 03:04:11 UTC 18.203.75.86
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-28 05:55:58 UTC 34.102.187.140
use.fontawesome.com (1) 942 2018-09-18 10:26:26 UTC 2020-03-18 00:09:30 UTC 172.64.133.15
secure.adnxs.com (1) 396 2012-05-22 16:37:37 UTC 2020-03-11 07:38:04 UTC 185.89.210.153
unibetlondonltd.d3.sc.omtrdc.net (2) 444877 2017-01-29 21:05:05 UTC 2022-11-28 05:44:01 UTC 13.36.218.177
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
p.npcad.com (2) 93803 No data No data 3.228.63.1
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-28 06:09:03 UTC 142.250.74.168
dpm.demdex.net (3) 204 2018-07-06 04:53:56 UTC 2020-04-29 23:04:31 UTC 52.214.114.125
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 2 www.kzjs4rtk.com/5LMHK7/2F8LBL/ Phishing
2022-11-28 2 p.npcad.com/go/89517/482729 Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 34.107.199.247
Date UQ / IDS / BL URL IP
2023-01-27 19:35:13 +0000 0 - 0 - 1 ef.vpn-access.org/48HP5T/2GMH37/ 34.107.199.247
2023-01-26 19:21:34 +0000 0 - 0 - 1 ef.vpn-access.org/48HP5T/2GMH37/ 34.107.199.247
2023-01-25 23:13:48 +0000 0 - 0 - 1 www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29 (...) 34.107.199.247
2023-01-23 07:27:08 +0000 0 - 0 - 1 www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=30 (...) 34.107.199.247
2023-01-23 07:26:55 +0000 0 - 0 - 1 ef.vpn-access.org/5LMHK7/2GMH37/ 34.107.199.247


Last 5 reports on ASN: GOOGLE
Date UQ / IDS / BL URL IP
2023-01-31 03:25:23 +0000 0 - 1 - 0 crypto.secdet01.repl.co/csh.exe 34.149.204.188
2023-01-31 03:24:47 +0000 0 - 3 - 4 sidewayssidle2112.blogspot.com/2011/09/big-da (...) 216.58.207.193
2023-01-31 03:24:05 +0000 0 - 0 - 2 celebrity-nude-naked.blogspot.com/search/labe (...) 216.58.207.193
2023-01-31 03:23:27 +0000 0 - 0 - 2 1001-life-insurances.blogspot.com/search/labe (...) 216.58.207.193
2023-01-31 03:20:30 +0000 0 - 0 - 2 9247696.filesusr.com/html/e766f6_03f39d7024f5 (...) 34.102.176.152


Last 5 reports on domain: kzjs4rtk.com
Date UQ / IDS / BL URL IP
2023-01-05 07:47:17 +0000 0 - 0 - 1 www.kzjs4rtk.com/2RSPJ5/2F8LBL/ 34.107.199.247
2022-12-12 04:21:02 +0000 0 - 0 - 1 www.kzjs4rtk.com/ 34.107.199.247
2022-12-02 18:40:36 +0000 0 - 0 - 1 www.kzjs4rtk.com/33G977/PS824 34.107.199.247
2022-12-01 08:05:42 +0000 0 - 0 - 1 www.kzjs4rtk.com/2RSPJ5/2F8LBL/ 34.107.199.247
2022-11-29 07:31:59 +0000 0 - 0 - 2 www.kzjs4rtk.com/4T2F56/2CTPL/ 34.107.199.247


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-02 15:54:23 +0000 0 - 0 - 1 tgtggb.7d3df.zl.wy5532.com/ 199.115.115.102
2022-12-02 13:58:24 +0000 0 - 0 - 5 imranbataev.blogspot.com/2022/09/player-that- (...) 172.217.21.161
2022-12-02 13:45:13 +0000 0 - 0 - 1 hfgfgf.48324.gw.wy5532.com/ 37.48.65.150
2022-12-02 11:29:51 +0000 0 - 0 - 5 get.myboek.xyz/fr-517684339/une-femme-livre-g (...) 172.67.128.71
2022-12-02 10:59:27 +0000 0 - 0 - 5 eu.lnslagging.click/ro/i14s22/telekom/ 207.154.225.165

JavaScript

Executed Scripts (24)

Executed Evals (9)
#1 JavaScript::Eval (size: 60) - SHA256: 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f
(function() {
    return visitor.getMarketingCloudVisitorID()
})();
#2 JavaScript::Eval (size: 132) - SHA256: 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168
(function() {
    if (window.innerWidth) return window.innerWidth;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetWidth
})();
#3 JavaScript::Eval (size: 62) - SHA256: adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42
(function() {
    return window.functions.getPageNameOldEvar1()
})();
#4 JavaScript::Eval (size: 135) - SHA256: fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed
(function() {
    if (window.innerHeight) return window.innerHeight;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetHeight
})();
#5 JavaScript::Eval (size: 71) - SHA256: dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb
(function() {
    return Math.round((new Date).getTime() / 1E3).toString()
})();
#6 JavaScript::Eval (size: 55) - SHA256: 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282
(function() {
    return visitor.getAnalyticsVisitorID()
})();
#7 JavaScript::Eval (size: 88) - SHA256: 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62
(function() {
    return "LP:" + BF_prop.LandingPageName.toString().replace(/:/ig, "").trim()
})();
#8 JavaScript::Eval (size: 54) - SHA256: fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81
(function() {
    return screen.width + "x" + screen.height
})();
#9 JavaScript::Eval (size: 61) - SHA256: 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c
(function() {
    return window.functions.timeParting("n", "0")
})();

Executed Writes (1)
#1 JavaScript::Write (size: 50) - SHA256: a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449
< script src = "/widget/betslip/betslip.js" > < /script>


HTTP Transactions (76)


Request Response
                                        
                                            GET /5LMHK7/2F8LBL/ HTTP/1.1 
Host: www.kzjs4rtk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         34.107.199.247
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Mon, 28 Nov 2022 16:11:30 GMT
content-length: 224
location: https://www.c9ikptk.com/5LMHK7/BP658/?__rpt=0&__po=29&__ptid=b257b333ef9e43cd8e0692e118be7d55&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
set-cookie: uniqueClick_2F8LBL=821944d1-e4d8-46dc-b7ca-c9905e1b302a:1669651890; Path=/; Expires=Mon, 12 Dec 2022 16:11:30 GMT; SameSite=None
vary: Origin
x-eflow-request-id: bdfcada9-8216-4c43-a5c4-bcbc18b8f2c3
Via: 1.1 google


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   224
Md5:    51d6d7df0e176eac5e641871620c56b8
Sha1:   61c5985760feb6e2c52a1505e193701c9e39106e
Sha256: a384a5f73d9817060aba51d7d18bf8fe6f0817bca2d28566e293be6ee615d16f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3758
Expires: Mon, 28 Nov 2022 17:14:08 GMT
Date: Mon, 28 Nov 2022 16:11:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12547
Expires: Mon, 28 Nov 2022 19:40:37 GMT
Date: Mon, 28 Nov 2022 16:11:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2975
Cache-Control: max-age=155366
Date: Mon, 28 Nov 2022 16:11:30 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:20:56 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: v8VKD2epYgZg5Emryvd1n+T93VXuKUNc34fJvPFjMRJ7GRqbpGcl21aaUsIdOdJPQjXHHhpFsxc=
x-amz-request-id: JGMX2BACVDZDBRHZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 15:45:05 GMT
age: 1585
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 15:19:32 GMT
cache-control: public,max-age=3600
age: 3118
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 28 Nov 2022 16:11:30 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 16:08:55 GMT
cache-control: public,max-age=3600
age: 156
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4503
Cache-Control: max-age=151827
Date: Mon, 28 Nov 2022 16:11:31 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:21:58 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DGC0JXgColUBcpS7+tScMA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.213.121.129
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5eUmavABQ7aLD2lIYzsEYf1iVrE=

                                        
                                            GET /5LMHK7/BP658/?__rpt=0&__po=29&__ptid=b257b333ef9e43cd8e0692e118be7d55&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1 
Host: www.c9ikptk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         34.107.199.247
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Mon, 28 Nov 2022 16:11:31 GMT
content-length: 57
location: http://p.npcad.com/go/89517/482729
set-cookie: uniqueClick_BP658=5a61898e-e6e3-4d5e-9f1b-a6293f96ce0c:1669651891; Path=/; Expires=Mon, 05 Dec 2022 16:11:31 GMT; Secure; SameSite=None transaction_id=2a28e90865624984ba08b901c85e1851; Path=/; Expires=Sun, 26 Feb 2023 16:11:31 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 3a5fd404-fba3-41e0-9de2-cdfe52f6f487
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   57
Md5:    fac34a702735ac79294c0ff2645951dc
Sha1:   bb025946516e373af1fb36abe2e300af88fda6be
Sha256: a4cbd7e80e4d2c050331282c60cd52fb8af96d7f86f71c61a0da55d6d1a4e9f6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 16:11:32 GMT
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 15:21:17 GMT
Expires: Tue, 29 Nov 2022 15:21:17 GMT
ETag: "c38b2d032ccc72b2e43d00722be0eb62b6db29b4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1846
Md5:    f87c7828b9b5f6dc8bfa9d5049fd13bd
Sha1:   c38b2d032ccc72b2e43d00722be0eb62b6db29b4
Sha256: f73b72974aa0e2d0688270bda0d5b3a93931000578503baab1693756043ee046
                                        
                                            GET /go/89517/482729 HTTP/1.1 
Host: p.npcad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         3.228.63.1
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 16:11:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 271
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   271
Md5:    1494628db2bada32512d7b0506d9a1ad
Sha1:   db26f97a9ac0d6d35118773b0fd288d421c5ab35
Sha256: 276b76118833e1c1d37b3778a7e6955a3eb828db615b16a5d4cdff1c5d7d1a5e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ad/ad?p=89517&w=482729&t=a5223adf60e7a1aa&r=&vw=1280&vh=0 HTTP/1.1 
Host: p.npcad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://p.npcad.com/go/89517/482729
Upgrade-Insecure-Requests: 1

search
                                         3.228.63.1
HTTP/1.1 303 See Other
                                        
Date: Mon, 28 Nov 2022 16:11:32 GMT
Location: http://xml.poprtb.pro/click?i=Jr5eTDkVrrM_0#pc224398
Server: nginx
Content-Length: 0
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:11:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:11:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:11:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:11:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:11:32 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 65416
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 65989
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10199
Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0
Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da
Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 16:15:23 GMT
age: 86169
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8817
Md5:    741ddfb19764ac9a77509e7e87cfbfb2
Sha1:   308c08784ce4a0757cbd112807555b83e17a1d56
Sha256: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10944
x-amzn-requestid: 8f48c27c-bbec-46f5-9c08-1cc804b9aff7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIbJ_FyvIAMFhrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63800bd9-2ffa8521241a5e5b0afc0935;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 00:27:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4YiBUU3kS0VrcVOwKXUHgIRygLLeXGp1TjBYDi6WwWWm6WMKktzfHg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:36:32 GMT
age: 63300
etag: "a23fd98701ac35cd8740d1f7a832118c770e20c8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10944
Md5:    5e586c141835f4ac8819c55dcb811b4d
Sha1:   a23fd98701ac35cd8740d1f7a832118c770e20c8
Sha256: 4296f391f755a649897a2211f9072c69a0510e43a313674908bb0a771b12650e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 65406
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6376
Md5:    78b1389f425425d0450c94d900404dc4
Sha1:   53b12a8702f7c5b7cc697e2a24da824d9434be65
Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 28793
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8885
Md5:    3a1a4e00f1f15827cf651f373863c379
Sha1:   70c2a238f06ca7e56ef80c83738e081bf0de3330
Sha256: 3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         192.124.249.24
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 16:11:33 GMT
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 15:21:17 GMT
Expires: Tue, 29 Nov 2022 15:21:17 GMT
ETag: "c38b2d032ccc72b2e43d00722be0eb62b6db29b4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1846
Md5:    f87c7828b9b5f6dc8bfa9d5049fd13bd
Sha1:   c38b2d032ccc72b2e43d00722be0eb62b6db29b4
Sha256: f73b72974aa0e2d0688270bda0d5b3a93931000578503baab1693756043ee046
                                        
                                            GET /click?i=Jr5eTDkVrrM_0 HTTP/1.1 
Host: xml.poprtb.pro
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         174.137.133.18
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_291587.170872_482729_4266184417
Pragma: no-cache

                                        
                                            GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_291587.170872_482729_4266184417 HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         23.36.79.43
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&sref=TRM&TRM=d_291587.170872_482729_4266184417&affiliateId=1&pid=86180956&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Nov 2022 16:11:33 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86180956%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669651893242)%5c%2f%22%2c%22CookieTag%22%3a%223795086180956451240919C202211281611%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228484771115%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 28-Nov-3021 16:11:33 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=86, cdn-cache; desc=MISS
X-Firefox-Spdy: h2

                                        
                                            GET /stan/campaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&sref=TRM&TRM=d_291587.170872_482729_4266184417&affiliateId=1&pid=86180956&bid=37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&sref=TRM&TRM=d_291587.170872_482729_4266184417&affiliateId=1&pid=86180956&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320665405%3A86180956-37950
set-cookie: JSESSIONID=node01pomsk6513gt1scm0kx550iwa291298.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node01pomsk6513gt1scm0kx550iwa; Path=/; Domain=.unibet.nu; Expires=Wed, 27-Nov-2024 16:11:33 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Wed, 27-Nov-2024 16:11:33 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref="http://p.npcad.com/"; Path=/; Domain=.unibet.nu; Expires=Wed, 27-Nov-2024 16:11:33 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 28-Nov-2022 16:11:48 GMT; Max-Age=15; Secure; SameSite=None affiliateId=1; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37950; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None PID=86180956; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=http%3A%2F%2Fp.npcad.com%2F; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 28-Nov-2022 16:11:48 GMT; Max-Age=15; Secure; SameSite=None campaignId=2808422; Path=/; Domain=.unibet.nu; Expires=Fri, 02-Dec-2022 14:58:59 GMT; Max-Age=341246; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 28-Nov-2022 16:11:48 GMT; Max-Age=15; Secure; SameSite=None clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: http://p.npcad.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 28 Nov 2022 16:11:33 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2808422&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/2022/index.html&targetDomain=https://welcome.unibet.nu&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&sref=TRM&TRM=d_291587.170872_482729_4266184417&affiliateId=1&pid=86180956&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320665405%3A86180956-37950 HTTP/1.1 
Host: www.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
content-length: 0
location: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 28 Nov 2022 16:11:33 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1758
Cache-Control: max-age=156986
Date: Mon, 28 Nov 2022 16:11:33 GMT
Etag: "63849911-116"
Expires: Wed, 30 Nov 2022 11:47:59 GMT
Last-Modified: Mon, 28 Nov 2022 11:18:41 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1 
Host: a1s-cdn.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   956
Md5:    fd48e87ecd4d06d9c5df490b91dc813e
Sha1:   a65a437db44444634e4f41732c590c1d14433b3f
Sha256: 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.5
HTTP/2 304 Not Modified
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/utv-logo.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EC5A693D"
x-ms-request-id: a2fad51d-401e-003f-082e-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aaacb515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Size:   934
Md5:    bec35c5776c90885debb385eda2b5143
Sha1:   97f2f38834c50dd624a8ad4105610079e030ec9e
Sha256: d5daf673ea88caa3a69e57dc69a5d461adc7557b0221b0e147fe749cf559a14d
                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.74
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 06:32:03 GMT
expires: Thu, 23 Nov 2023 06:32:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 466770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4052
Cache-Control: max-age=162170
Date: Mon, 28 Nov 2022 16:11:33 GMT
Etag: "6384a45b-117"
Expires: Wed, 30 Nov 2022 13:14:23 GMT
Last-Modified: Mon, 28 Nov 2022 12:06:51 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/1-styles.css HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: lMc9drvQACpBd5pyJgR1QA==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EBD101D6"
x-ms-request-id: 48012a01-901e-0061-2e2e-033141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461508a6fb515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5563
Md5:    c266906dd0d7c44ad70292b6ec33a48e
Sha1:   c7ed8fb7b6e640c45800d9abe7b692c1509e072e
Sha256: 4c843f2f9b2cb61d006636afa60d86dd23345bac5a2db6a3143e1bd488aadcca
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4053
Cache-Control: max-age=162170
Date: Mon, 28 Nov 2022 16:11:34 GMT
Etag: "6384a45b-117"
Expires: Wed, 30 Nov 2022 13:14:24 GMT
Last-Modified: Mon, 28 Nov 2022 12:06:51 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Cookie: clientId=polopoly_desktop
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.5
HTTP/2 304 Not Modified
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            GET /releases/v5.7.1/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.133.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
x-amz-id-2: BTwL7dWf0q+Mv7N/dh7iT0PRbEDxamXFdvhCLtH8t5qudZu/vhgM01fzuSkejSlbFsNDa/Mvc6o=
x-amz-request-id: N1H88TMA9YCZMSHV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 9458
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2NllR23d4WpvaVqjwl6syySsJm6TwSU3LgLDt3FR36CSE6OB5TGVz%2FrHA9LCYWYltOn5ktBhTWSPfs6C5F1%2Ffcf6nlJD5WGEom%2BibTvN%2FCdDx8wpf1J8Ah%2BLJxo6wHWz9crcEvU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771461515c4e71ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (54456), with no line terminators
Size:   22771
Md5:    7c787c285793d2c1b8ad2f2e5b4de24b
Sha1:   2000515e02942283138940cbdb53ed9437da46ac
Sha256: 840b7b6d700ddaa5e897a59ae8c67ec90ed17e56535c6db299ab1dadbf7b3013
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-trust.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDF69F62"
x-ms-request-id: 7fc6adee-f01e-0067-3e2e-0302fe000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aab0b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Size:   530877
Md5:    4c1dd673ec4710139c3c479528b0f642
Sha1:   92393b320d8ba4bb97fd91df6e5d7ccf6b6a7985
Sha256: 3517a9624bdf342a99667dca6ad82120c28b1a285edccaa1de031a17793b98a5
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 419846
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/com-payments.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 28 Nov 2022 13:31:58 GMT
etag: W/"0x8DAD144ECAF33B2"
x-ms-request-id: 9c6ff72a-a01e-0018-0d2e-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aabab515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   84392
Md5:    94382f15ee170feff784a00e471a5f3b
Sha1:   68629c2ec16edb7d68ecb3ae4fb52404ad369592
Sha256: 5a9745b315148f62a6bd697e3f727714e4e8fd9d23c02da3f7711b68d4df2cd8
                                        
                                            GET /css?family=Roboto:300,400,500 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 16:11:33 GMT
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   16564
Md5:    89ae585d8bd954bfc8df380779ae7dc3
Sha1:   511928507d75fad13262f257f0ca0dc49ddfc38e
Sha256: c020e7e91ed83e8107790cad4e91d60039407f7b5b0cd524c3751b3dd6dafd34
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956 HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://p.npcad.com/
Connection: keep-alive
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: ALrEeXzHb5XykFNPd2FIIA==
last-modified: Mon, 28 Nov 2022 13:31:56 GMT
x-ms-request-id: b9163508-701e-0024-3444-03e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7714614e7df1b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (569)
Size:   22730
Md5:    bc6f8f0be1ab23368231080df75690e3
Sha1:   50d7573f7d4989682710a080a258285e5aed3823
Sha256: 9969e4f37bada6c4a6b7940b45e2cdb709f712a0946c03542ef6131748f4e9b9
                                        
                                            GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 16:11:34 GMT
expires: Mon, 28 Nov 2022 16:11:34 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80710
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62112)
Size:   80710
Md5:    718af536bc9febcda58a963776622bcf
Sha1:   a4b961244498ca6feaa9b8a5db95036456ec1b78
Sha256: 3dd77531c223db496235ea0e39851c7021b8665a557bebc2ca88f3c6a73e9766
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/mga-logo.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
cache-control: public, max-age=900, immutable
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Mon, 28 Nov 2022 13:31:59 GMT
etag: W/"0x8DAD144ED2C40CB"
x-ms-request-id: 171ac690-b01e-003b-462e-0357a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461532f1eb515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1894
Md5:    0d3b25d24a9f39a3b7b2a4b8f815ee20
Sha1:   e37c0026de1ea9a4d5a9931d9a4260b91c310201
Sha256: 71fcfaaef0187e7ee4a219f0cacddcbeedcc3f1f6a03d1e970e0a3711513dbf6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6471
Cache-Control: 'max-age=158059'
Date: Mon, 28 Nov 2022 16:11:34 GMT
Last-Modified: Mon, 28 Nov 2022 14:23:43 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669651893726 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         52.214.114.125
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-085e2ce89.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=43434885371760668761204263920610980517; Max-Age=15552000; Expires=Sat, 27 May 2023 16:11:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: /t/8HEE3SKI=
Content-Length: 498
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Size:   498
Md5:    bb9509acaa66e790258af9883c889cc2
Sha1:   00c2acb7adf85cb18ae45b1bb60282f4bdef6c84
Sha256: e74dcd603e9f0dc0f431d265e39fce26fd97966ca872f11d7de958da42a0a410
                                        
                                            GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.89.210.153
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 16:11:34 GMT
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: f64e0383-5e29-4919-9374-468f81baf22f
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In7lXmmc!]tbP6j2F-XstGt!@Dze$yT%w; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 16:11:34 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    592ebefc7104d681d57852665e9ad514
Sha1:   15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
Sha256: 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5787
Cache-Control: max-age=147702
Date: Mon, 28 Nov 2022 16:11:34 GMT
Etag: "63846511-1d7"
Expires: Wed, 30 Nov 2022 09:13:16 GMT
Last-Modified: Mon, 28 Nov 2022 07:36:49 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=43442564512832037511204900168083001150&ts=1669651893916 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.nu
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         13.36.218.177
HTTP/2 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
access-control-allow-origin: https://welcome.unibet.nu
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 16:11:34 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            GET /dest5.html?d_nsid=0 HTTP/1.1 
Host: unibet.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         18.203.75.86
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
date: Mon, 28 Nov 2022 16:11:34 GMT
DCS: dcs-prod-irl1-1-v045-07e4ed132.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 2737HfYoREI=
transfer-encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2791
Md5:    ccbdcb1e84c241950763ec4cd516cdfc
Sha1:   55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
Sha256: de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165026
Date: Mon, 28 Nov 2022 16:11:34 GMT
Etag: "6384bf1f-1d7"
Expires: Wed, 30 Nov 2022 14:02:00 GMT
Last-Modified: Mon, 28 Nov 2022 14:01:03 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sTyWICnU2uKPV-6t4HYAYLK5EtdMZPjKBN8pN03fMK96dbGhN7m4Ew==
Age: 57

                                        
                                            GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s78086264015170?AQB=1&ndh=1&pf=1&t=28%2F10%2F2022%2016%3A11%3A34%201%200&mid=43442564512832037511204900168083001150&aamlh=6&ce=UTF-8&pageName=LP%3ACopy%20of%202022%20-%20WC%20-%20Sports%20LP&g=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320665405%3A86180956-37950%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26bid%3D37950%26campaignId%3D2808422%26pid%3D86180956%23pc224398&r=http%3A%2F%2Fp.npcad.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%3Fmktid%3D1%3A320665405%3A86180956-37950%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26bid%3D37950%26campaignId%3D2808422%26pid%3D86180956&v1=welcome.unibet.nu%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Afootball%3Awc%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=4%3A11%20PM%7CMonday&v6=4%3A11%20PM%7CMonday&v11=GBP&c14=New&v14=New&c16=1669651894&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A86180956-37950&v122=NONE&v124=2808422&v125=320665405_542B91C1CE7440FBAF4E6BFD919B2544&v126=86180956&v127=37950&v134=1669651893&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         13.36.218.177
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
access-control-allow-origin: *
date: Mon, 28 Nov 2022 16:11:34 GMT
expires: Sun, 27 Nov 2022 16:11:34 GMT
last-modified: Tue, 29 Nov 2022 16:11:34 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3585550142301110272-4619839643267027904
vary: *
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2\012- data
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            GET /cm/dd?d_uuid=43434885371760668761204263920610980517 HTTP/1.1 
Host: cm.everesttech.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.229.62.148
HTTP/1.1 302
                                        
Date: Mon, 28 Nov 2022 16:11:34 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4TdtgAAAHUmmgN-; Domain=.everesttech.net; Expires=Tue, 28-Nov-2023 16:11:34 GMT; Path=/ everest_session_v2=Y4TdtgAAAHUmmwN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4TdtgAAAHUmmgN-
Server: AMO-cookiemap/1.1

                                        
                                            GET /ibs:dpid=411&dpuuid=Y4TdtgAAAHUmmgN- HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.214.114.125
HTTP/1.1 302 Found
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-01a6f2a00.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TdtgAAAHUmmgN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=78158717618411446161022144865493964226; Max-Age=15552000; Expires=Sat, 27 May 2023 16:11:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 5uxQdtlXQkw=
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TdtgAAAHUmmgN- HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.214.114.125
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v045-083f91df3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 7tpx7XAUQz0=
Content-Length: 59
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   59
Md5:    1251cd5e5c2def4c046309375f87c1c1
Sha1:   e02d6b0c6a5c495c15985e2832e335eda8528c80
Sha256: 4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/no-payments.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 28 Nov 2022 13:31:59 GMT
etag: W/"0x8DAD144ED00071A"
x-ms-request-id: 8dc1f3cc-301e-0035-152e-037e16000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9464
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461532f1ab515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-expert.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDFDF14E"
x-ms-request-id: 0ae8f43d-c01e-0043-522e-03f45e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aab2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/18-plus.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
cache-control: public, max-age=900, immutable
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Mon, 28 Nov 2022 13:31:58 GMT
etag: W/"0x8DAD144EC6AE193"
x-ms-request-id: 561abf3d-701e-0079-582e-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9464
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461533f24b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/gb-when-the-fun-stops.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: aKFt6UnI1NUrF+upCSAbIA==
last-modified: Mon, 28 Nov 2022 13:31:59 GMT
etag: W/"0x8DAD144ED1D9CEE"
x-ms-request-id: e9b0b4f7-401e-005d-682e-031886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aabcb515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /custom.js HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: 126f410e-701e-000b-2310-f9e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 516600
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461509a9ab515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/1-main.js HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: EqJ6l4cI9XyehxuJDe4EbA==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EC00E48F"
x-ms-request-id: afdbac43-801e-0030-032e-03accd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461509a97b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/unibet-logo.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 28 Nov 2022 13:31:58 GMT
etag: W/"0x8DAD144EC848066"
x-ms-request-id: 561aba3e-701e-0079-042e-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461509a9eb515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/favicon.ico HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Mon, 28 Nov 2022 16:11:34 GMT
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 28 Nov 2022 13:31:57 GMT
etag: W/"0x8DAD144EBE68286"
x-ms-request-id: 1180807f-f01e-0077-172e-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9464
vary: Accept-Encoding
server: cloudflare
cf-ray: 771461535f56b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/icon-casino.svg HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
cache-control: public, max-age=900, immutable
content-md5: u/57C1Al21ESpXtbDs6sbw==
last-modified: Mon, 28 Nov 2022 13:32:00 GMT
etag: W/"0x8DAD144EDEFC297"
x-ms-request-id: 65dca035-e01e-0026-142e-035a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 9465
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aab4b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nu/pop/sportsbook/football/wc/2022/gambling-commission.png HTTP/1.1 
Host: welcome.unibet.nu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.nu/nu/pop/sportsbook/football/wc/2022/index.html?mktid=1:320665405:86180956-37950&btag=320665405_542B91C1CE7440FBAF4E6BFD919B2544&bid=37950&campaignId=2808422&pid=86180956
Cookie: __ucbt=node01pomsk6513gt1scm0kx550iwa; uniattr=ST.0.T; uniattr_ref="http://p.npcad.com/"; campaignId=2808422; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320665405_542B91C1CE7440FBAF4E6BFD919B2544; BID=37950; PID=86180956; REFERER=http%3A%2F%2Fp.npcad.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2808422%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320665405_542B91C1CE7440FBAF4E6BFD919B2544%26sref%3DTRM%26TRM%3Dd_291587.170872_482729_4266184417%26affiliateId%3D1%26pid%3D86180956%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2808422
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.18.24.188
HTTP/2 404 Not Found
content-type: application/xml
                                        
date: Mon, 28 Nov 2022 16:11:33 GMT
x-ms-request-id: 7b758a43-601e-0065-2443-03bc46000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 132
vary: Accept-Encoding
server: cloudflare
cf-ray: 77146150aab6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---