r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9990
Expires: Thu, 05 Jan 2023 12:01:23 GMT
Date: Thu, 05 Jan 2023 09:14:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ce8af3d72e7e9af609039abee59c8b87
8e1b16591fbc632df35f15e23da55ee86af31bc3
52edddbda4a3a3b778f61a491b21e6ea439e9d8024189e636b1f37b2dd7226fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52EDDDBDA4A3A3B778F61A491B21E6EA439E9D8024189E636B1F37B2DD7226FC"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12787
Expires: Thu, 05 Jan 2023 12:48:00 GMT
Date: Thu, 05 Jan 2023 09:14:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 225d42543c0190cdb3686bf236533f4f
13a0940800fce078487372b6b3ca614dd1ab6c31
766bbe15eb1642ac39e9b71669fbb44252471c8de5adb555cd1a76db44fbe7bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "766BBE15EB1642AC39E9B71669FBB44252471C8DE5ADB555CD1A76DB44FBE7BC"
Last-Modified: Mon, 02 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6522
Expires: Thu, 05 Jan 2023 11:03:35 GMT
Date: Thu, 05 Jan 2023 09:14:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 05 Jan 2023 08:36:28 GMT
content-type: application/json
age: 2305
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: owGNj8trcWkcjNHAHei5mdbUkK8QrIdcGqVVN1vgTeZD7cNnSFFUQbM5FZkacX+n2XKfV45T8d4=
x-amz-request-id: 2M648GG3WX77546W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 05 Jan 2023 08:59:28 GMT
age: 925
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 09:14:53 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
172.217.21.161200 OK 38 kB URL HTTP/1.1 badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1163)
Hash cf9524a75ab62a34136d42c1697734b5
19a7d0b99a7cca7ce42fd6133dd88856f9a5a14e
3e2c4bb44021ee2fe3af49d9ea3b0db1f880af777be8c4773778c83e273ac0a2
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /2023/01/ataneen-3-plus.html HTTP/1.1
Host: badosport8blogs.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Thu, 05 Jan 2023 09:14:53 GMT
Date: Thu, 05 Jan 2023 09:14:53 GMT
Cache-Control: private, max-age=0
Last-Modified: Wed, 04 Jan 2023 23:31:30 GMT
ETag: W/"530ed2460162499a76fde61d342e6b88d0991f0ab26df64049c6a533392c431e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 38174
Server: GSE
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32058)
Hash fc3fc31e5e7c0933dc18e562c1c071bf
a44c31323f6bd29e583cc585036e6eb39f7014a6
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30306
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Dec 2022 20:51:32 GMT
Expires: Fri, 29 Dec 2023 20:51:32 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 563001
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
i.imgur.com/NWZQyXM.jpg
151.101.84.193200 OK 260 kB IP 151.101.84.193:0
File type JPEG image data, baseline, precision 8, 1520x720, components 3\012- data
Size 260 kB (259877 bytes)
Hash 4b924dc8f0e1373a6110747eeee3fd0b
38adda91df0da2ea0ac31cd8327d4fa21d7ddb27
506833bbef45db9250331603ed07d5064e850c7c10924d6edccd7e511721368d
GET /NWZQyXM.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 04 Jan 2023 20:59:36 GMT
etag: "4b924dc8f0e1373a6110747eeee3fd0b"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Thu, 05 Jan 2023 09:14:53 GMT
age: 43029
x-served-by: cache-iad-kjyo7100095-IAD, cache-bma1635-BMA
x-cache: HIT, HIT
x-cache-hits: 26, 1
x-timer: S1672910093.452791,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 259877
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 05 Jan 2023 09:08:11 GMT
age: 402
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
pl18109110.highperformancecpmgate.com/08/5f/d7/085fd71a416134f79497ee2523dffeac.js
192.243.59.12200 OK 21 kB URL HTTP/1.1 pl18109110.highperformancecpmgate.com/08/5f/d7/085fd71a416134f79497ee2523dffeac.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60164), with no line terminators
Hash 246d45bf3b7ea1126b811340d9b24e7b
ada70064945054683403f0ed7d5fc8dcf82a1932
cefef9bd889c56eef59e933b72733b3d132544aecfb114dd34e441da3556e531
Analyzer Verdict Alert quad9 Sinkholed
GET /08/5f/d7/085fd71a416134f79497ee2523dffeac.js HTTP/1.1
Host: pl18109110.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 05 Jan 2023 09:14:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1c7011d03cd79513656a61dc2eb03586
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fe74c226e54f2f382d278b594df930ae
4e4ebc661443f56b74d7c924ddae50bcb107f0af
511f11fe968867447f6d7e5862d8003e3a5fc18bdb62496ea09d140e9a11f53b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6063
Cache-Control: max-age=91980
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:54 GMT
Etag: "63b541ab-1d7"
Expires: Fri, 06 Jan 2023 10:47:54 GMT
Last-Modified: Wed, 04 Jan 2023 09:06:51 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 020638b48580069fa97cf4daa2d239b0
055ec460c04aafdc852bccce0cb23f6681ee5a90
01d079fbb77a2593cc5afb2eaa01f4ec2b0c207c6396e39df25cfebef0c329d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ca9c8f95fe965b1e9790a60ebf410712
7dfca1e3f26d7472451827b88c74518415901b52
6a449f27b0c544de4b21e3cc89659d89371cdd845798adc31eab15d54dbd457a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 94a18fd837dd0f115b235a9129822ce7
271fbb9ea6e641837e758c4030db4f90b331c182
3c544601cf7cb0a9adf878e6b1d3733ae16bd857f9599105eb0a9a44909c5458
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 05 Jan 2023 09:14:54 GMT
Last-Modified: Thu, 05 Jan 2023 07:28:33 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gAWaNKlI5tgp5eRkc2pgIS8LQyy1kVK0fictedTwFjhPH7hJM1GZYA==
Age: 6381
simplewebanalysis.com/stats
52.58.124.101200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.58.124.101:0
File type ASCII text, with no line terminators
Hash 476eb2e5623910e1a7764188901a5332
98083d32fc8035fe3ac25643d03262c246c9295b
4a5954d00943617a81f10a485cfea5a6dd0e7e8cf998f8d4f00d4133aee760d5
Analyzer Verdict Alert fortinet Malware
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://badosport8blogs.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Sun, 02 Jan 2033 09:14:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
172.217.21.161304 Not Modified 0 B URL HTTP/1.1 badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
IP 172.217.21.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /2023/01/ataneen-3-plus.html HTTP/1.1
Host: badosport8blogs.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
If-Modified-Since: Wed, 04 Jan 2023 23:31:30 GMT
If-None-Match: W/"530ed2460162499a76fde61d342e6b88d0991f0ab26df64049c6a533392c431e"
HTTP/1.1 304 Not Modified
Expires: Thu, 05 Jan 2023 09:14:54 GMT
Date: Thu, 05 Jan 2023 09:14:54 GMT
Cache-Control: private, max-age=0
ETag: W/"530ed2460162499a76fde61d342e6b88d0991f0ab26df64049c6a533392c431e"
Server: GSE
push.services.mozilla.com/
54.149.156.115101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.156.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: h2OHNOwrw+jiy8xQA3dsdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Rntcu+vcpg6LzderkJpuPnAC6lw=
unpredictablehateagent.com/pixel/purst?dl=0&th=0&sc=0&rs=1156&rd=1156&fd=648&bv=22.10.v.9&tmpl=70
192.243.59.13200 OK 0 B URL HTTP/1.1 unpredictablehateagent.com/pixel/purst?dl=0&th=0&sc=0&rs=1156&rd=1156&fd=648&bv=22.10.v.9&tmpl=70
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1156&rd=1156&fd=648&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: unpredictablehateagent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.profitabledisplayformat.com/aac8f9eeb6b9de8139175852340955ff/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 www.profitabledisplayformat.com/aac8f9eeb6b9de8139175852340955ff/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 8fd6e00792c1dcee26293abb7bded79a
5d2cb7a9d381c6d660bce7354fb286ce1f354645
05d04b4b974e5d26545665b3563a0e3547496267fd61271f1721d4af137295d1
GET /aac8f9eeb6b9de8139175852340955ff/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c54b9e634bc04aebd0ed9e8b96ae515b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 020638b48580069fa97cf4daa2d239b0
055ec460c04aafdc852bccce0cb23f6681ee5a90
01d079fbb77a2593cc5afb2eaa01f4ec2b0c207c6396e39df25cfebef0c329d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.profitabledisplayformat.com/a76964247e06c563a63b90778e56e2f4/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 www.profitabledisplayformat.com/a76964247e06c563a63b90778e56e2f4/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash cc823d362f5cdb0e8b58bf83449deb2a
5417baa68e59766726c2b28ba7892fcae73ffcdd
ce8e75490f2597e66ffc42b1bcb745b0a2baeaa5d2117762f34629c7469f7270
GET /a76964247e06c563a63b90778e56e2f4/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17b52e00557a3fcbf493a39ffed2b099
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ad.a-ads.com/2145781?size=300x250
136.243.3.135200 OK 4.7 kB URL HTTP/1.1 ad.a-ads.com/2145781?size=300x250
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash 29de56aef91255812316fcc966b73877
8eabf5302c9e2c182da7b90bc9acbaa538071507
d6dbfa8c19813a659e3a10a00476c1d29419fd5683182c18891a30f4fb568051
GET /2145781?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://badosport8blogs.blogspot.com/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
ad.a-ads.com/2145781?size=300x250
136.243.3.135200 OK 4.7 kB URL HTTP/1.1 ad.a-ads.com/2145781?size=300x250
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash f1f865428e0c948d7cf2595f37a56fbf
c9c58234845b442c44fe1621ff3e327d324525d3
a10e3151f7c4a76d7c0db5be39378276f855153063778982a0aa8a7fd07b1f66
GET /2145781?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://badosport8blogs.blogspot.com/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
www.profitabledisplayformat.com/58b25f93644d1cde42059bbccd0610d3/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 www.profitabledisplayformat.com/58b25f93644d1cde42059bbccd0610d3/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash ba624f1927fa07541824a2d5a0629298
8c940f73b261228f913882baf8d32a94be0d5c24
b940e8356e33a4aa06f17592d9c3d5d37872137bcc68a113f9aa399155d66a9a
GET /58b25f93644d1cde42059bbccd0610d3/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a15b261793649a973b80367fa02215a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ad.a-ads.com/2145781?size=300x250
136.243.3.135200 OK 4.7 kB URL HTTP/1.1 ad.a-ads.com/2145781?size=300x250
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash 29de56aef91255812316fcc966b73877
8eabf5302c9e2c182da7b90bc9acbaa538071507
d6dbfa8c19813a659e3a10a00476c1d29419fd5683182c18891a30f4fb568051
GET /2145781?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://badosport8blogs.blogspot.com/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
www.profitabledisplayformat.com/a76964247e06c563a63b90778e56e2f4/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 www.profitabledisplayformat.com/a76964247e06c563a63b90778e56e2f4/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26953), with no line terminators
Hash 3bd3cbd6de1c039b4c42643a29d76048
d1f86d7901e44b4ace9157d55cca6bfd5db98679
95482c3288d992ee4ab40f99bad7b4e6208fc2801080e863de6926c8521def57
GET /a76964247e06c563a63b90778e56e2f4/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d158785eb323b3c98d126310881ca6d0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.blogger.com/dyn-css/authorization.css?targetBlogID=6645410357373314492&zx=ecf9385c-13a2-4e9e-9274-a6df7258971b
142.250.74.41200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6645410357373314492&zx=ecf9385c-13a2-4e9e-9274-a6df7258971b
IP 142.250.74.41:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6645410357373314492&zx=ecf9385c-13a2-4e9e-9274-a6df7258971b HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 05 Jan 2023 09:14:54 GMT
last-modified: Thu, 05 Jan 2023 09:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18411d03bf5526fef2fe50a8321ecb76
8f116810c6e9e6b93f2c261d9cc1aadd93fde446
0b9ce9a3ca7cb9f492e13d0241351a04efaf7697d70acbccecd928bd9f600aab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B9CE9A3CA7CB9F492E13D0241351A04EFAF7697D70ACBCCECD928BD9F600AAB"
Last-Modified: Thu, 05 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8621
Expires: Thu, 05 Jan 2023 11:38:35 GMT
Date: Thu, 05 Jan 2023 09:14:54 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ca9c8f95fe965b1e9790a60ebf410712
7dfca1e3f26d7472451827b88c74518415901b52
6a449f27b0c544de4b21e3cc89659d89371cdd845798adc31eab15d54dbd457a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/-T-V-PJOU4v0/XZYzHfq1dYI/AAAAAAAABOw/obz8rMcwKgEvPkHP1ahM2tyAqm8fRYZYwCK4BGAYYCw/w27-h27-p-k-nu/256-256.png
142.250.74.161200 OK 1.3 kB URL HTTP/1.1 3.bp.blogspot.com/-T-V-PJOU4v0/XZYzHfq1dYI/AAAAAAAABOw/obz8rMcwKgEvPkHP1ahM2tyAqm8fRYZYwCK4BGAYYCw/w27-h27-p-k-nu/256-256.png
IP 142.250.74.161:0
File type PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced\012- data
Hash d9dd93d058560e1e254b59abcc595606
2c3176b325d4b7a44b1f813149da2f1e1cb8291d
fdc94d53d1796c028c474c2f2fa236f730b1f0869a42108d706c307422329e21
GET /-T-V-PJOU4v0/XZYzHfq1dYI/AAAAAAAABOw/obz8rMcwKgEvPkHP1ahM2tyAqm8fRYZYwCK4BGAYYCw/w27-h27-p-k-nu/256-256.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="256-256.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1286
X-XSS-Protection: 0
Date: Thu, 05 Jan 2023 07:54:01 GMT
Expires: Sun, 06 Nov 2022 04:36:12 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 4853
ETag: "v4ed"
Content-Type: image/png
ad.a-ads.com/2145781?size=300x250
136.243.3.135200 OK 4.7 kB URL HTTP/1.1 ad.a-ads.com/2145781?size=300x250
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash f1f865428e0c948d7cf2595f37a56fbf
c9c58234845b442c44fe1621ff3e327d324525d3
a10e3151f7c4a76d7c0db5be39378276f855153063778982a0aa8a7fd07b1f66
GET /2145781?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://badosport8blogs.blogspot.com/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
static.a-ads.com/a-ads-banners/425767/300x250?region=eu-central-1
136.243.3.135200 OK 553 kB URL HTTP/1.1 static.a-ads.com/a-ads-banners/425767/300x250?region=eu-central-1
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 553 kB (552597 bytes)
Hash 5c0fd175092e25b5de58f290130b733e
000b2ac0d1c8995e66b7b4ae791669d68f0ab5c0
3f58e323e0745728f7fd308f10db7937e3a8a5489eeae60b9bbb74f43a51390c
GET /a-ads-banners/425767/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ad.a-ads.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: image/gif
Content-Length: 552597
Connection: keep-alive
x-amz-id-2: NkRR733/+Z6H7KR55Ps8uAdz2w0hluDLJjdpfeyKqvmadfbBL1PxhBVOLBWZJMJOQdhB29piYWo=
x-amz-request-id: 3KME15SSR08HA0RQ
x-amz-replication-status: COMPLETED
Last-Modified: Mon, 14 Nov 2022 10:39:43 GMT
ETag: "5c0fd175092e25b5de58f290130b733e"
Cache-Control: max-age=315360000
x-amz-version-id: pn1p08TBgSXsvFMFjZkGq2BsNKxSewr9
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
136.243.3.135200 OK 621 kB URL HTTP/1.1 static.a-ads.com/a-ads-banners/406681/300x250?region=eu-central-1
IP 136.243.3.135:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 621 kB (621339 bytes)
Hash c8694e7d5d3b9a928d4d57026ac2b68b
169b9f311167e19bd5061b53fc7e4f528e3ba7a9
0c23834abdcff9f74a47b37290da55f2c84c31c82ce26d9493b39a388b51ed6a
GET /a-ads-banners/406681/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ad.a-ads.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: image/gif
Content-Length: 621339
Connection: keep-alive
x-amz-id-2: UJHA3GT+eaoo+vTZ1X7h4J3du39RQgThrMvVJ+B+kC2z6bk9KKPrVp1EC4OgqiKTeBNIcYxLcR4=
x-amz-request-id: BHMPMVJPQHNZG8N6
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 04 Aug 2022 08:12:39 GMT
ETag: "c8694e7d5d3b9a928d4d57026ac2b68b"
Cache-Control: max-age=315360000
x-amz-version-id: 4E6UO4Ah7Y9Th7PfdrLCDL4YiygucdkX
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47cee49d6d308b9d22aa4c9f101885e4
4392b810d9f26aa2cfeb3fe267bc9a260073ccad
d1256ed5592c8277a3a5a0fd46f82ffd1cddf8ebb9a5ac15e4527189ee75f00d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1256ED5592C8277A3A5A0FD46F82FFD1CDDF8EBB9A5AC15E4527189EE75F00D"
Last-Modified: Thu, 05 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8104
Expires: Thu, 05 Jan 2023 11:29:58 GMT
Date: Thu, 05 Jan 2023 09:14:54 GMT
Connection: keep-alive
reposemarshknot.com/watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 reposemarshknot.com/watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1 HTTP/1.1
Host: reposemarshknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:54 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://reposemarshknot.com/watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=bb317ac3b9a15118db191a610b81172d3dd835d7afe957c4cea91b9dbb54a98ab79ef8d8c64a3c4dc0956ee380872b25c4f7477882bb532ddf21f16408159087750e0a6c353fe2e38c573189c8148c382885b3ee0167bfc581d75b95a069&pst=1672910154&rmtc=t
Set-Cookie: u_pl=18008634; expires=Fri, 06 Jan 2023 09:14:54 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODYzNCwiayI6ImFhYzhmOWVlYjZiOWRlODEzOTE3NTg1MjM0MDk1NWZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJnMHFzaXpiN2VzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.BCuPH7ni_7FzgnosXrP4i3jrkTkDmbE_QZZFzlHqNwI; expires=Thu, 05 Jan 2023 09:15:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14d88ff1aacff84e89dd3d804754858e
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dd098346e4d873daff01256b7c47ad3a
53cb1d5b712f95d3481bc20d79fce4d175946a78
cef95f2d1de93a99c924f54e3f4820b4b3fbff8960f022b111b2f372308120a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF95F2D1DE93A99C924F54E3F4820B4B3FBFF8960F022B111B2F372308120A1"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10959
Expires: Thu, 05 Jan 2023 12:17:34 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
reposemarshknot.com/watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=bb317ac3b9a15118db191a610b81172d3dd835d7afe957c4cea91b9dbb54a98ab79ef8d8c64a3c4dc0956ee380872b25c4f7477882bb532ddf21f16408159087750e0a6c353fe2e38c573189c8148c382885b3ee0167bfc581d75b95a069&pst=1672910154&rmtc=t
173.233.137.36200 OK 2.1 kB URL HTTP/1.1 reposemarshknot.com/watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=bb317ac3b9a15118db191a610b81172d3dd835d7afe957c4cea91b9dbb54a98ab79ef8d8c64a3c4dc0956ee380872b25c4f7477882bb532ddf21f16408159087750e0a6c353fe2e38c573189c8148c382885b3ee0167bfc581d75b95a069&pst=1672910154&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2629)
Hash 6b9576b283cff0593084ce9e587a057d
251ec47c9fb93b238da38d827bd9d851d37bfddd
cc26df487da29525089e4f63f344787d4e7f4a4a8ea9a9a1e4f56e4558f16183
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1376866328577.js?key=aac8f9eeb6b9de8139175852340955ff&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=bb317ac3b9a15118db191a610b81172d3dd835d7afe957c4cea91b9dbb54a98ab79ef8d8c64a3c4dc0956ee380872b25c4f7477882bb532ddf21f16408159087750e0a6c353fe2e38c573189c8148c382885b3ee0167bfc581d75b95a069&pst=1672910154&rmtc=t HTTP/1.1
Host: reposemarshknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Referer: http://badosport8blogs.blogspot.com/
Connection: keep-alive
Cookie: u_pl=18008634; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODYzNCwiayI6ImFhYzhmOWVlYjZiOWRlODEzOTE3NTg1MjM0MDk1NWZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJnMHFzaXpiN2VzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.BCuPH7ni_7FzgnosXrP4i3jrkTkDmbE_QZZFzlHqNwI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
iprc3fe2d875f460daefad2946a2f26b71d4=3569807; expires=Thu, 05 Jan 2023 13:14:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv27=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs27=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 274cea1f0cf7b6bf426a0c91c33df221
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
initiallycoffee.com/watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
173.233.137.52307 Temporary Redirect 0 B URL HTTP/1.1 initiallycoffee.com/watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1 HTTP/1.1
Host: initiallycoffee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://initiallycoffee.com/watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=1c6d5069550d3173a7e4ae03a64431fe614f5d894cc9c829659ef05b661a9efaa11c9fe3026ba59849912ea9e7285e7ee004b34e750990e695c4e15d87815f1908e48d2f1b2c478ab1d589e62c2dc5970782125ce7ba78ec8cd4bfc44104a5&pst=1672910155&rmtc=t
Set-Cookie: u_pl=18003581; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwMzU4MSwiayI6ImE3Njk2NDI0N2UwNmM1NjNhNjNiOTA3NzhlNTZlMmY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Indlczg2YTc1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.SdtVCiDJbImRYgUny0OdXFCRpOK6KQqJEz4GY5x_sGw; expires=Thu, 05 Jan 2023 09:15:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e7672cee647e3565f9b5cb78fe450811
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 138ac33bb015e889698bcdae1c238c5c
1f3bb76b7a1d4ba6786e706b6deb670c83ea55c7
f90007bf6735a4cf4138c7f743c152682806a0546ea4d3091c4298f7502f8bc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F90007BF6735A4CF4138C7F743C152682806A0546EA4D3091C4298F7502F8BC8"
Last-Modified: Thu, 05 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12178
Expires: Thu, 05 Jan 2023 12:37:53 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
temperrunnersdale.com/watch.823613179091.js?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
173.233.137.60307 Temporary Redirect 0 B URL HTTP/1.1 temperrunnersdale.com/watch.823613179091.js?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.823613179091.js?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://temperrunnersdale.com/watch.823613179091.js?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=f8baa21112d07097e085c9067a071e2d299d43b790e07cdf88f90ea5e64da522f9f9383de41a94142d14807cca79393b13d07ace1ef2ef701e3fe6d8dae8d31a1af5b7d9b3009f0141e7ec19fd33c86e507e754dd4a3d0d54782a11e7f7629&pst=1672910155&rmtc=t
Set-Cookie: u_pl=18008648; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODY0OCwiayI6IjU4YjI1ZjkzNjQ0ZDFjZGU0MjA1OWJiY2NkMDYxMGQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiejg1MDVxYWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2JhZG9zcG9ydDhibG9ncy5ibG9nc3BvdC5jb20vMjAyMy8wMS9hdGFuZWVuLTMtcGx1cy5odG1sIn19.1Dc_w3vnhshYGNzBqK9AxTbMmzEGwEV6NthiCMMbTSg; expires=Thu, 05 Jan 2023 09:15:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c87e9fc0b663a691916d05c8f785587
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04afaa75b1eb2a12a51fa3b6a5403949
b2c96cbaa1cc57dfdab98d730cd7155c0325377d
73eac24803858fb8b56aac9d8c5e96c6e8f549b74c7d507ecccd3433f87dc060
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73EAC24803858FB8B56AAC9D8C5E96C6E8F549B74C7D507ECCCD3433F87DC060"
Last-Modified: Wed, 04 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13838
Expires: Thu, 05 Jan 2023 13:05:33 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
initiallycoffee.com/watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=1c6d5069550d3173a7e4ae03a64431fe614f5d894cc9c829659ef05b661a9efaa11c9fe3026ba59849912ea9e7285e7ee004b34e750990e695c4e15d87815f1908e48d2f1b2c478ab1d589e62c2dc5970782125ce7ba78ec8cd4bfc44104a5&pst=1672910155&rmtc=t
173.233.137.52200 OK 642 B URL HTTP/1.1 initiallycoffee.com/watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=1c6d5069550d3173a7e4ae03a64431fe614f5d894cc9c829659ef05b661a9efaa11c9fe3026ba59849912ea9e7285e7ee004b34e750990e695c4e15d87815f1908e48d2f1b2c478ab1d589e62c2dc5970782125ce7ba78ec8cd4bfc44104a5&pst=1672910155&rmtc=t
IP 173.233.137.52:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (602)
Hash 421e0c6d933710255cfe645f4379c14e
5108fee47aed5089920134d96ec7e4e900dc72d2
d1ecdd882efb3a454005399eccafe3e1bc3499bade8a2b50ad93034ec8ddd829
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.413307965535.js?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&shu=1c6d5069550d3173a7e4ae03a64431fe614f5d894cc9c829659ef05b661a9efaa11c9fe3026ba59849912ea9e7285e7ee004b34e750990e695c4e15d87815f1908e48d2f1b2c478ab1d589e62c2dc5970782125ce7ba78ec8cd4bfc44104a5&pst=1672910155&rmtc=t HTTP/1.1
Host: initiallycoffee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Referer: http://badosport8blogs.blogspot.com/
Connection: keep-alive
Cookie: u_pl=18003581; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwMzU4MSwiayI6ImE3Njk2NDI0N2UwNmM1NjNhNjNiOTA3NzhlNTZlMmY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Indlczg2YTc1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.SdtVCiDJbImRYgUny0OdXFCRpOK6KQqJEz4GY5x_sGw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
iprc99afab5047022e87fda873bb0c237e0a=2717340; expires=Fri, 06 Jan 2023 11:14:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae238720391016bf58ef01a579aef11a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Thu, 05 Jan 2023 10:18:23 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Thu, 05 Jan 2023 10:18:23 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Thu, 05 Jan 2023 10:18:23 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Thu, 05 Jan 2023 10:18:23 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e008157-006e-4fc4-a009-988efdb9c19f.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e008157-006e-4fc4-a009-988efdb9c19f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8be0ecd7647e0d987924b87ff341aaf0
44b7669ac425df3a3212b8c44bb49c8341422057
e4baa8a7c3ac7e057edc5ead61473f8d1eca9c4942fc7d674e57cf79fd9d5711
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e008157-006e-4fc4-a009-988efdb9c19f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: 699d42b6-4512-4db8-a4e3-9635a37054af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eMnz-FZPoAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b4ece6-266bef8e32f275ea38badc4b;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 03:05:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FNTY4iKuxoXzbTn4CzBfTUAnMLx4q9A0C3L1U3gczUuaABpnBabnVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:26:27 GMT
age: 20908
etag: "44b7669ac425df3a3212b8c44bb49c8341422057"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Thu, 05 Jan 2023 10:18:23 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3b4649b-af64-4a5a-a27f-7ce64e847119.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3b4649b-af64-4a5a-a27f-7ce64e847119.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc016e8d2ccf978fbdda03d25aa5f38d
d1d9d3169fa06ab1f165a7727ceafd70f448bcb1
73ad3ca2406444b064977848842333a9de43499856e899b620dc19d4742c7b16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3b4649b-af64-4a5a-a27f-7ce64e847119.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4915
x-amzn-requestid: ddf9b16e-ae8d-4772-9e0d-85bfbd3da78c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGCNXHGUIAMFuiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b24a55-5a242201531033f1017e2813;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 03:07:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9ybWq4NupEPYUEyx6nUeCwG8mcZN89C-7tHtOVKOrwZHLZd6OWLu8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 07:37:31 GMT
age: 5844
etag: "d1d9d3169fa06ab1f165a7727ceafd70f448bcb1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fa6a01c-46d6-4da2-a9c5-b0c4eb493b7c.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fa6a01c-46d6-4da2-a9c5-b0c4eb493b7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc01bd9bbc532db4cab1fd75db43eaa0
be216b1693e6049b3896667348c91f7c525d1175
562b35431b14d57d97913b388784d7949908acbc920e4811f15c46b99c0200cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fa6a01c-46d6-4da2-a9c5-b0c4eb493b7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3053
x-amzn-requestid: b8ae4cad-d262-49f9-b70e-37c888c8ae22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eCvChGxqIAMFTeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0f876-018a733e43ae9e2133fa87f5;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 03:05:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -mi_cNAnQ3ouWOORgXjRIPJ-9GPAijPr0MxOzJG-UZ9dOaaZi33FPQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 05:35:05 GMT
age: 13190
etag: "be216b1693e6049b3896667348c91f7c525d1175"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vIFVXgt2RmoplkAVOtUrOkXj3LmhRw-XEPe7fugZ2-mv_iDY07XzUg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 23:39:12 GMT
age: 34543
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4148f46-96a7-4939-96bb-68a4dfd7d78e.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4148f46-96a7-4939-96bb-68a4dfd7d78e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64a319c9177608c935ab9266fb6340bf
736103d51a827f76da95e5a6839b27278ed1e41e
3ab12956a0acb1479b54cc9205756aea575cd03c56c56901bc2dcd71e25db0d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4148f46-96a7-4939-96bb-68a4dfd7d78e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9560
x-amzn-requestid: 508636ac-4f34-473e-a9f5-b411a56fabd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePK0PGE7oAMF4dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1b4-00dcf18377c4c3275b9971f4;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xl2aatuyW0-dKh9Uu-Rtx6IXngiBS833lq4TL3Sun3KD2JKw0vo7DQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:58:12 GMT
age: 40603
etag: "736103d51a827f76da95e5a6839b27278ed1e41e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3f96f2f-9480-405d-a177-757b4cdb01db.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3f96f2f-9480-405d-a177-757b4cdb01db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d24a6df88f783b455a57250f1d92ccac
ce2e1d0f4925717aca4f2d02dc87c2e16879bcb8
89b3dfc01030e6329f7f0e2240df218ab037386b5ff87df388e83c680ddccb3d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3f96f2f-9480-405d-a177-757b4cdb01db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8296
x-amzn-requestid: 3dc67582-04fe-45bd-b3c8-0c8f1d228582
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePK0FEFhIAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1b3-5c3a498a15a4219e10e8c3ef;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:55 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uOp9PtN3StLD5z7sJewKOfNIVRPEGHMPafVgTyJZUl0Di-DeM_WjCw==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 22:15:22 GMT
age: 39573
etag: "ce2e1d0f4925717aca4f2d02dc87c2e16879bcb8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
temperrunnersdale.com/watch.823613179091?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
173.233.137.60200 OK 1.2 kB URL HTTP/1.1 temperrunnersdale.com/watch.823613179091?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (486)
Hash 1a220e62a49d772e7bf7bd09704a546f
3c1a9c804e0b911b9f7a85c9e37303ba897954b5
92fbeaf12f138e11c1ecc3b58496889e506f1a42637c91b6ff21f85587489384
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.823613179091?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1 HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Cookie: u_pl=18008648; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODY0OCwiayI6IjU4YjI1ZjkzNjQ0ZDFjZGU0MjA1OWJiY2NkMDYxMGQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiejg1MDVxYWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2JhZG9zcG9ydDhibG9ncy5ibG9nc3BvdC5jb20vMjAyMy8wMS9hdGFuZWVuLTMtcGx1cy5odG1sIn19.1Dc_w3vnhshYGNzBqK9AxTbMmzEGwEV6NthiCMMbTSg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODY0OCwiayI6IjU4YjI1ZjkzNjQ0ZDFjZGU0MjA1OWJiY2NkMDYxMGQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiejg1MDVxYWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.Gip288t9PyDt7fd_XFmhVa04LzkF5l3G2bfkXsgM7oU; expires=Thu, 05 Jan 2023 09:15:55 GMT; secure; SameSite=None
uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f5b66a714f5806e8d760355d6b6ad80
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fixespreoccupation.com/watch.1273765728384?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
173.233.137.36200 OK 1.2 kB URL HTTP/1.1 fixespreoccupation.com/watch.1273765728384?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (486)
Hash b37d1ef7303b32c0a8b375622b4de5ae
4f2cfffb30bccf1f603823406f8bb3294effdfc7
339fe799ecf402f7cbaa4e218f73c6974fa00bb381ebc83441cf30b8347cfc55
GET /watch.1273765728384?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1 HTTP/1.1
Host: fixespreoccupation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18003581; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwMzU4MSwiayI6ImE3Njk2NDI0N2UwNmM1NjNhNjNiOTA3NzhlNTZlMmY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Indlczg2YTc1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.SdtVCiDJbImRYgUny0OdXFCRpOK6KQqJEz4GY5x_sGw; expires=Thu, 05 Jan 2023 09:15:55 GMT; secure; SameSite=None
uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3bef5ef5e00731aab38c315beb051c69
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
temperrunnersdale.com/watch.823613179091?shu=213d1354f6480bbd5a331e44270055b8148ceb57e7890cd9c405fb06f43594276b0443a4e4f16dc6788f4641361fab6d63db915d51ed4f4a1836bb5644089faa7023af27d0088c2723df8a3b386b4d0e85e3ee7b8719360c9e7b6de3a19f7e&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=58b25f93644d1cde42059bbccd0610d3&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D
173.233.137.60200 OK 1.8 kB URL HTTP/1.1 temperrunnersdale.com/watch.823613179091?shu=213d1354f6480bbd5a331e44270055b8148ceb57e7890cd9c405fb06f43594276b0443a4e4f16dc6788f4641361fab6d63db915d51ed4f4a1836bb5644089faa7023af27d0088c2723df8a3b386b4d0e85e3ee7b8719360c9e7b6de3a19f7e&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=58b25f93644d1cde42059bbccd0610d3&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2556)
Hash 5fe4f0ea18a56c5aa207616faaba04ab
5ae1228827a73d1b18a75cc075bf815fb098e78b
cbabd478ee21c355b81f804c0550ed52b3af968cf964cba45b8651730982ef51
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.823613179091?shu=213d1354f6480bbd5a331e44270055b8148ceb57e7890cd9c405fb06f43594276b0443a4e4f16dc6788f4641361fab6d63db915d51ed4f4a1836bb5644089faa7023af27d0088c2723df8a3b386b4d0e85e3ee7b8719360c9e7b6de3a19f7e&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=58b25f93644d1cde42059bbccd0610d3&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D HTTP/1.1
Host: temperrunnersdale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://temperrunnersdale.com/watch.823613179091?key=58b25f93644d1cde42059bbccd0610d3&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
Cookie: u_pl=18008648; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwODY0OCwiayI6IjU4YjI1ZjkzNjQ0ZDFjZGU0MjA1OWJiY2NkMDYxMGQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJiejg1MDVxYWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.Gip288t9PyDt7fd_XFmhVa04LzkF5l3G2bfkXsgM7oU; uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23d20a8fa17c154ccf0576064bcf6d26
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 225a8773b38ca7562acf39591f5f4f32
d31649fa1d0df1b33668df318eed078d3e772431
234e5cc5e53484efc3b309909394ea3d831572a6ec2b2f355de8fe5df020fa7b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "234E5CC5E53484EFC3B309909394EA3D831572A6EC2B2F355DE8FE5DF020FA7B"
Last-Modified: Wed, 04 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=952
Expires: Thu, 05 Jan 2023 09:30:47 GMT
Date: Thu, 05 Jan 2023 09:14:55 GMT
Connection: keep-alive
fixespreoccupation.com/watch.1273765728384?shu=6a85a514d0cb2e86b3dd44d81d37da2a213f072a0320dcc7e7617c698ffbe72ba13ef29714362a7c81432f9b532216aa62b7a2e20d72127609edd4ed9764332d8a9bf656fe0f19e81406f374fc9a0220c3da0f3bdb563f9ff6e5c8635948c221db&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=a76964247e06c563a63b90778e56e2f4&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&tz=0
173.233.137.36200 OK 1.8 kB URL HTTP/1.1 fixespreoccupation.com/watch.1273765728384?shu=6a85a514d0cb2e86b3dd44d81d37da2a213f072a0320dcc7e7617c698ffbe72ba13ef29714362a7c81432f9b532216aa62b7a2e20d72127609edd4ed9764332d8a9bf656fe0f19e81406f374fc9a0220c3da0f3bdb563f9ff6e5c8635948c221db&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=a76964247e06c563a63b90778e56e2f4&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&tz=0
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2521)
Hash 4b75ab36e13a182ec7b922a4900e8008
99ef3248b2eff7086f00e78f255b3102718a9512
b155c6fac8c10a86d4e50c6158f0ef1eadf20ae29c88b4aa94355bf3c821be29
GET /watch.1273765728384?shu=6a85a514d0cb2e86b3dd44d81d37da2a213f072a0320dcc7e7617c698ffbe72ba13ef29714362a7c81432f9b532216aa62b7a2e20d72127609edd4ed9764332d8a9bf656fe0f19e81406f374fc9a0220c3da0f3bdb563f9ff6e5c8635948c221db&pst=1672910155&rmtc=t&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1&pii=&in=false&key=a76964247e06c563a63b90778e56e2f4&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&dev=e&res=12.1053&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&tz=0 HTTP/1.1
Host: fixespreoccupation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fixespreoccupation.com/watch.1273765728384?key=a76964247e06c563a63b90778e56e2f4&kw=%5B%22%D8%AA%D8%B7%D8%A8%D9%8A%D9%82%22%2C%22ataneen%22%2C%223%22%2C%22plus%22%5D&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F2023%2F01%2Fataneen-3-plus.html&tz=0&dev=e&res=12.1053&uuid=d575874e-d559-4ad6-b5d7-94bf0297af0e%3A3%3A1
Cookie: u_pl=18003581; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODAwMzU4MSwiayI6ImE3Njk2NDI0N2UwNmM1NjNhNjNiOTA3NzhlNTZlMmY0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDkwMTE5LCJwaWQiOjYyMTc0MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Indlczg2YTc1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9iYWRvc3BvcnQ4YmxvZ3MuYmxvZ3Nwb3QuY29tLzIwMjMvMDEvYXRhbmVlbi0zLXBsdXMuaHRtbCJ9fQ.SdtVCiDJbImRYgUny0OdXFCRpOK6KQqJEz4GY5x_sGw; uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
Access-Control-Allow-Origin: http://badosport8blogs.blogspot.com/2023/01/ataneen-3-plus.html
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d575874e-d559-4ad6-b5d7-94bf0297af0e:3:1; expires=Thu, 12 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 06 Jan 2023 09:14:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8b7d3ca49c7939ca83ac11b21f593ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/73/c6/8e/73c68ef94497052809f7fd3edc0b2e6e/1668175720.gif
45.133.44.9200 OK 42 kB URL HTTP/2 cdn.cloudimagesb.com/bi/73/c6/8e/73c68ef94497052809f7fd3edc0b2e6e/1668175720.gif
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 320 x 50\012- data
Hash e352c134693a85b0c01e203e187c8875
1df8ed6d48342c516e0e20a5959133aa23fc4fa4
83ab4dd0675e82adc1bb44ebbf156c05335abe94c10a69354e502270e721ca4d
GET /bi/73/c6/8e/73c68ef94497052809f7fd3edc0b2e6e/1668175720.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://temperrunnersdale.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:55 GMT
content-type: image/gif
content-length: 41780
server: nginx/1.17.6
last-modified: Fri, 11 Nov 2022 14:08:48 GMT
etag: "636e5770-a334"
expires: Sat, 07 Jan 2023 09:14:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/41/12/96/411296dc31ffd3277b57a1c99e9031c0/1611324050.jpg
45.133.44.9200 OK 100 kB URL HTTP/2 cdn.cloudimagesb.com/bi/41/12/96/411296dc31ffd3277b57a1c99e9031c0/1611324050.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Macintosh), datetime=2021:01:20 21:25:37], progressive, precision 8, 300x250, components 3\012- data
Size 100 kB (100318 bytes)
Hash b28ac66bef5edfeb580c04cc00e9e0f7
e8ffb619727dc9bc745e74d3a022cd10df049950
711e0c73c5536b0d67c5f6969619be8b9e52d88d2eb6e25aa6b7d8019fabd563
GET /bi/41/12/96/411296dc31ffd3277b57a1c99e9031c0/1611324050.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fixespreoccupation.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:55 GMT
content-type: image/jpeg
content-length: 100318
server: nginx/1.17.6
last-modified: Fri, 22 Jan 2021 14:00:59 GMT
etag: "600ada9b-187de"
expires: Sat, 07 Jan 2023 09:14:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18003581
192.243.59.13200 OK 1.3 kB URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18003581
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8c3872ca2ae5d20c900f03a2aa79e23f
5c09392c0bb3b03ef2fc37fdc8e4228a172cc890
0fe444ae2e3e67396f9ca6f7ea55679dff051a740baf53a0aa14d0b4336e6f36
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18003581 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 05 Jan 2023 09:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Fri, 06 Jan 2023 09:14:55 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgwMDM1ODEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2JhZG9zcG9ydDhibG9ncy5ibG9nc3BvdC5jb20vIn19.GKQekt4VrA5QqqqfFkvCwB5KcoBwQfr9hIuYkMk-Er8; expires=Thu, 05 Jan 2023 09:15:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8571abec7558837f05dde9efa909d17d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.spikereekvelocity.com/dyfc1k09?shu=2cabb2556f9feb2d85db79e2555b8e36519fcd135ea2e2c3e416d09bad146298c6b32f632c51c6c145f2ca59192d1757df5d9a167e1ff3a52c8117563fc6116b7a2d075f0a7859c6ec4cd04092ed831fc9063f38&pst=1672910155&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F&psid=18003581
192.243.59.13302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?shu=2cabb2556f9feb2d85db79e2555b8e36519fcd135ea2e2c3e416d09bad146298c6b32f632c51c6c145f2ca59192d1757df5d9a167e1ff3a52c8117563fc6116b7a2d075f0a7859c6ec4cd04092ed831fc9063f38&pst=1672910155&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F&psid=18003581
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dyfc1k09?shu=2cabb2556f9feb2d85db79e2555b8e36519fcd135ea2e2c3e416d09bad146298c6b32f632c51c6c145f2ca59192d1757df5d9a167e1ff3a52c8117563fc6116b7a2d075f0a7859c6ec4cd04092ed831fc9063f38&pst=1672910155&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fbadosport8blogs.blogspot.com%2F&psid=18003581 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgwMDM1ODEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2JhZG9zcG9ydDhibG9ncy5ibG9nc3BvdC5jb20vIn19.GKQekt4VrA5QqqqfFkvCwB5KcoBwQfr9hIuYkMk-Er8; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Thu, 05 Jan 2023 09:14:56 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://xml-v4.trafficmoose.com/click?seat=1705924&i=3b*y8SVsI5M_0
Set-Cookie: pdhtkv=true; expires=Fri, 06 Jan 2023 09:14:56 GMT
uncs=1; expires=Fri, 06 Jan 2023 09:14:56 GMT
pdhtkv28=true; expires=Fri, 06 Jan 2023 09:14:56 GMT
uncs28=1; expires=Fri, 06 Jan 2023 09:14:56 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f15b2583484f468e6cab470b59bda836
Strict-Transport-Security: max-age=0; includeSubdomains
xml-v4.trafficmoose.com/click?seat=1705924&i=3b*y8SVsI5M_0
198.134.116.17302 Found 0 B URL HTTP/1.1 xml-v4.trafficmoose.com/click?seat=1705924&i=3b*y8SVsI5M_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=1705924&i=3b*y8SVsI5M_0 HTTP/1.1
Host: xml-v4.trafficmoose.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
95.101.10.186307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
IP 95.101.10.186:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Thu, 05 Jan 2023 09:14:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 05 Jan 2023 09:14:56 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d; domain=.unibet.com; expires=Sat, 05-Jan-3022 09:14:56 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=128, cdn-cache; desc=MISS
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 05 Jan 2023 09:14:57 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
set-cookie: JSESSIONID=node0y4f1knczeys71mudj4taqyp2k5992087.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0y4f1knczeys71mudj4taqyp2k; Path=/; Domain=.unibet.nu; Expires=Sat, 04-Jan-2025 09:14:57 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Sat, 04-Jan-2025 09:14:57 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Sat, 04-Jan-2025 09:14:57 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_568C68F54F424ADA97415DDAA11C6452; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=68248853; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26sref%3DTRM%26TRM%3Dd_114896.16122660%26affiliateId%3D1%26pid%3D68248853%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 05 Jan 2023 09:14:57 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_568C68F54F424ADA97415DDAA11C6452&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0y4f1knczeys71mudj4taqyp2k; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320665405_568C68F54F424ADA97415DDAA11C6452; BID=37950; PID=68248853; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26sref%3DTRM%26TRM%3Dd_114896.16122660%26affiliateId%3D1%26pid%3D68248853%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 05 Jan 2023 09:14:57 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 05 Jan 2023 09:14:57 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c69abb52781cc8878f58bf84bc6c0047
b6a8cc5722baa3b7414a96f65a4a09ec91feda71
d2433140865d9b2abfb1d20aab3525171541fe69cbf27f925909aa9b36c99eeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2433140865D9B2ABFB1D20AAB3525171541FE69CBF27F925909AA9B36C99EEB"
Last-Modified: Wed, 04 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18377
Expires: Thu, 05 Jan 2023 14:21:14 GMT
Date: Thu, 05 Jan 2023 09:14:57 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 561e959ce9eff04b09da6f3def82f549
7866f989cdfb160709f4c93b767fd01e5553d75b
9076b4ae1a34ab02b362ffa44ecbf6d579f82042cfd7e7138977477ea5bd3e61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 561e959ce9eff04b09da6f3def82f549
7866f989cdfb160709f4c93b767fd01e5553d75b
9076b4ae1a34ab02b362ffa44ecbf6d579f82042cfd7e7138977477ea5bd3e61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jan 2023 22:35:23 GMT
expires: Wed, 03 Jan 2024 22:35:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 124774
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 561e959ce9eff04b09da6f3def82f549
7866f989cdfb160709f4c93b767fd01e5553d75b
9076b4ae1a34ab02b362ffa44ecbf6d579f82042cfd7e7138977477ea5bd3e61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 561e959ce9eff04b09da6f3def82f549
7866f989cdfb160709f4c93b767fd01e5553d75b
9076b4ae1a34ab02b362ffa44ecbf6d579f82042cfd7e7138977477ea5bd3e61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/widget/betslip/betslip.js
104.18.25.188200 OK 102 kB URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.25.188:0
File type ASCII text, with very long lines (693)
Size 102 kB (102294 bytes)
Hash 90f4d77cdc47c5a326c653c1d672b2b9
88270bec309c05b54f3b43e2f1ac9258f55c9698
1343a6af20517c2a14e9477b7e813115752021f8eed2e20c0ad21cd7677c3aee
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4e8c5c1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.25.188200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.25.188:0
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: font/woff2
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: "0x8DACBBCB4A3B989"
x-ms-request-id: b6f7cb18-201e-0029-1a03-032c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261746
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4edcae1c06-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188200 OK 75 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Hash edc30eef88ec601a188b1fe7b25a9564
16b5d4fa678498696bba868d95a79ce93f4ac4c2
f12e5526d0c45706801de34e3c1af9ce144b3076981bff09fb667c0bfbd39f46
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dbb8a1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 19:33:56 GMT
expires: Thu, 04 Jan 2024 19:33:56 GMT
cache-control: public, max-age=31536000
age: 49261
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 19:33:54 GMT
expires: Thu, 04 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 49263
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jan 2023 19:34:15 GMT
expires: Thu, 04 Jan 2024 19:34:15 GMT
cache-control: public, max-age=31536000
age: 49242
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:0
File type ASCII text, with very long lines (62112)
Hash 8034b7dd57873be2583481666e4ff646
a3cabacd79f5bea71a32e46cf3bd0feec2342fb2
f3f71dca3bfff29671ba4b16a07b1e983d8eded5ea846332d3bc879562afa44b
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 09:14:57 GMT
expires: Thu, 05 Jan 2023 09:14:57 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80804
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 643 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 55910f8190143aff3592926679045332
00b71b0262569f92eb892ce45370f4a5fa97a34f
b229b21e0d49cca739fcaaf8802d3d71febc21d9f3e7e739ca74b32932601885
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/xml
x-ms-request-id: b6a87401-c01e-000e-80e5-203bb2000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 223
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4ecca11c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.148.8200 OK 364 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with very long lines (704), with no line terminators
Hash 27597598b2294bd04295f7fefc71fe18
e4ca85d6924a0fe95fa5a87da3e8c92df9d43e6d
bb1b72265411eb99c254d13e523a0ddb0da9b73714d5715d3a4386f2b4ed828b
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/json
content-length: 364
access-control-expose-headers: CE-Version
ce-version: 11.5.16
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 24 Dec 2022 15:01:03 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 1016034
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b501c23b50b-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
37.252.171.21307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 37.252.171.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 05 Jan 2023 09:14:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 35e9eb92-1d84-4a59-b9f5-1127e3a15512
Set-Cookie: uuid2=887734294343060575; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 05-Apr-2023 09:14:57 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 2.0 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 92f07f0b69399e984f32475e20a1b124
52907b1bf877239dfe23755a8e1448ff95cdf17f
b898c39720a65b1da1127f82ed26e4f9ff6d8aa4bf9a6d80f31aa6eaf4d06724
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Thu, 05 Jan 2023 09:14:57 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=15ba40cd1caa1bec2184ac4d6bc54f4c82e5289caaa419bdac02883b5bb07792;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=15ba40cd1caa1bec2184ac4d6bc54f4c82e5289caaa419bdac02883b5bb07792;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188200 OK 7.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
Hash 79d5662aa6e6685df575bb35e8488dfb
6ef4e3bbaca0c0d0b0a4ed3b5b07f4a9c77b1b06
0c1afe39456fd70ba1b5a348d399e9e16d271cff21be51c365cf74d57cdb6ac4
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261756
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d8b541c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 671 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash b4762dc1765e433c2dac118c17deb15f
a1dc34338a4496e2f3c343a3e35c9ced3835a57c
7023d543660d299c84d3833312ec9a54f74ae5d044d3f8658c768611466654e2
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/xml
x-ms-request-id: b6a87401-c01e-000e-80e5-203bb2000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 223
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dbb8c1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 84a9033d258dd1f835d3fa92cbbca891
e2dfe06115bff549bf41fbb5e6a177c6a85dbbcb
47423e3628fdd0cb40b805abc855924566592e172fefcc07977d1bec452278b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1231
Cache-Control: max-age=102262
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:58 GMT
Etag: "63b57cb9-116"
Expires: Fri, 06 Jan 2023 13:39:20 GMT
Last-Modified: Wed, 04 Jan 2023 13:18:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 84a9033d258dd1f835d3fa92cbbca891
e2dfe06115bff549bf41fbb5e6a177c6a85dbbcb
47423e3628fdd0cb40b805abc855924566592e172fefcc07977d1bec452278b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1231
Cache-Control: max-age=102262
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:58 GMT
Etag: "63b57cb9-116"
Expires: Fri, 06 Jan 2023 13:39:20 GMT
Last-Modified: Wed, 04 Jan 2023 13:18:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 84a9033d258dd1f835d3fa92cbbca891
e2dfe06115bff549bf41fbb5e6a177c6a85dbbcb
47423e3628fdd0cb40b805abc855924566592e172fefcc07977d1bec452278b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1231
Cache-Control: max-age=102262
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:58 GMT
Etag: "63b57cb9-116"
Expires: Fri, 06 Jan 2023 13:39:20 GMT
Last-Modified: Wed, 04 Jan 2023 13:18:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fa01362a7081c6c3148d475a18bb1b52
7ab042fdf1d3652dad768211ebc0b153766de484
84d23baa7590b187e27dd07a0e65003195c70f82a5e6920fa34798739f184596
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6552
Cache-Control: max-age=87066
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 09:14:58 GMT
Etag: "63b52c94-1d7"
Expires: Fri, 06 Jan 2023 09:26:04 GMT
Last-Modified: Wed, 04 Jan 2023 07:36:52 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89626805736729640720625916923112047718&ts=1672910088109
15.236.176.210200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89626805736729640720625916923112047718&ts=1672910088109
IP 15.236.176.210:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=89626805736729640720625916923112047718&ts=1672910088109 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Thu, 05 Jan 2023 09:14:58 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
34.247.60.250200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.247.60.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 5 Jan 2023 09:14:58 GMT
DCS: dcs-prod-irl1-2-v045-0f45dc272.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:26:52 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: RSOVMTulTNY=
transfer-encoding: chunked
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s99449522847655?AQB=1&ndh=1&pf=1&t=5%2F0%2F2023%209%3A14%3A48%204%200&mid=89626805736729640720625916923112047718&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A14%20AM%7CThursday&v6=9%3A14%20AM%7CThursday&v11=GBP&c14=New&v14=New&c16=1672910088&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_568C68F54F424ADA97415DDAA11C6452&v126=68248853&v127=37950&v134=1672910087&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.236.176.210200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s99449522847655?AQB=1&ndh=1&pf=1&t=5%2F0%2F2023%209%3A14%3A48%204%200&mid=89626805736729640720625916923112047718&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A14%20AM%7CThursday&v6=9%3A14%20AM%7CThursday&v11=GBP&c14=New&v14=New&c16=1672910088&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_568C68F54F424ADA97415DDAA11C6452&v126=68248853&v127=37950&v134=1672910087&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.236.176.210:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s99449522847655?AQB=1&ndh=1&pf=1&t=5%2F0%2F2023%209%3A14%3A48%204%200&mid=89626805736729640720625916923112047718&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_568C68F54F424ADA97415DDAA11C6452%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A14%20AM%7CThursday&v6=9%3A14%20AM%7CThursday&v11=GBP&c14=New&v14=New&c16=1672910088&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_568C68F54F424ADA97415DDAA11C6452&v126=68248853&v127=37950&v134=1672910087&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Thu, 05 Jan 2023 09:14:58 GMT
expires: Wed, 04 Jan 2023 09:14:58 GMT
last-modified: Fri, 06 Jan 2023 09:14:58 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3592547080723103744-4619782661547136584
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 9e7a873bab219c26e7c1996b7b6a2bd4
d6bbaf9f2885c491d4dd37bba2de42fcf423ff50
d6eaf63c5e1abbc355bd243a9409d3939b4b97b7ee59237fb1431d2fe6ba9053
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 05 Jan 2023 09:14:58 GMT
Last-Modified: Thu, 05 Jan 2023 08:26:37 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _dfRqcQqLeyoR6oHaENi_u-fFrdAFeLpE8Mtt9oru84mgjQ3rDcyog==
Age: 2901
cm.everesttech.net/cm/dd?d_uuid=89664156571785795710621912185652427261
54.229.62.148302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=89664156571785795710621912185652427261
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=89664156571785795710621912185652427261 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Thu, 05 Jan 2023 09:14:58 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y7aVEgAAANsZJQOY; Domain=.everesttech.net; Expires=Fri, 05-Jan-2024 09:14:58 GMT; Path=/
everest_session_v2=Y7aVEgAAANsZJgOY; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
34.247.60.250302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
IP 34.247.60.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y7aVEgAAANsZJQOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-071cdea73.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=24241397315751961123927556481139823984; Max-Age=15552000; Expires=Tue, 04 Jul 2023 09:14:58 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SMeXElAgSsI=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
34.247.60.250200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7aVEgAAANsZJQOY
IP 34.247.60.250:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y7aVEgAAANsZJQOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0826e4ce6.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: pFcBQ4TMTB4=
Content-Length: 59
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b701c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261756
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b641c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
45.133.44.9200 OK 0 B URL HTTP/2 cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:55 GMT
content-type: image/png
content-length: 67174
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Sat, 07 Jan 2023 09:14:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b6c1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dab821c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dab811c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.172.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.172.188:0
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:58 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 414
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b522f34fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dbb8e1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 05 Jan 2023 09:14:57 GMT
date: Thu, 05 Jan 2023 09:14:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.172.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.172.188:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:58 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 419
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b522f35fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: cc928d83-201e-005b-1be6-202b39000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4b98e01c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4dab871c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: text/css
x-amz-id-2: kIWUcp4/gRprxrhG4Bo7YL49QfCfoJzgcb+lBni7kDeALpU6YcOHbXZK3Ce3+VKgInDBPr7yuoA=
x-amz-request-id: GQJ6HHGYZ6JW9X6Q
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 734582
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKRsgWB2IFDYIIscxHoX%2BM9HcYlYr8Qfl82gupVKnQ%2FxhOANDjlFErk0PU5HynlzF2ZWxvQ1pPfGF2NQTr8tixCn24viJsKS%2FJRxEy9m2n27uVyPLZTVvGAZChYCUhvOeiUL7oaV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 784b1b4dff357713-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.16
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 24 Dec 2022 15:01:00 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1016036
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4fcbc1b50b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
badosport8blogs.blogspot.com/2023/01/cobra-ultra_4.html
172.217.21.161200 OK 0 B URL HTTP/2 badosport8blogs.blogspot.com/2023/01/cobra-ultra_4.html
IP 172.217.21.161:0
GET /2023/01/cobra-ultra_4.html HTTP/1.1
Host: badosport8blogs.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://badosport8blogs.blogspot.com
Connection: keep-alive
Referer: http://badosport8blogs.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport
content-type: text/html; charset=UTF-8
expires: Thu, 05 Jan 2023 09:14:54 GMT
date: Thu, 05 Jan 2023 09:14:54 GMT
cache-control: private, max-age=0
last-modified: Wed, 04 Jan 2023 23:31:30 GMT
etag: W/"530ed2460162499a76fde61d342e6b88d0991f0ab26df64049c6a533392c431e"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 38169
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261756
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b5d1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b6f1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261752
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d9b6e1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_568C68F54F424ADA97415DDAA11C6452&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1672910096922)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C202315914%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228648396811%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 09:14:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 261756
vary: Accept-Encoding
server: cloudflare
cf-ray: 784b1b4d8b571c06-OSL
content-encoding: br
X-Firefox-Spdy: h2