r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11623
Expires: Sun, 27 Nov 2022 03:32:05 GMT
Date: Sun, 27 Nov 2022 00:18:22 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3384
Cache-Control: max-age=126549
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:23 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:27:32 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 23:19:17 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3546
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18598
Expires: Sun, 27 Nov 2022 05:28:21 GMT
Date: Sun, 27 Nov 2022 00:18:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: j/KLwwZ7iGojusnjPGIp9n0LwBxlDhP7Y/mczAbYL1EUxsOpIYiAMxswcYAJk/8qe8SqFNhnOdE=
x-amz-request-id: D3WFDH5GM43K6RJY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 23:41:24 GMT
age: 2219
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 00:18:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 00:08:54 GMT
cache-control: public,max-age=3600
age: 569
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
200 OK 20 kB URL HTTP/1.1 mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 883e3ca79416f2e78e68a5307b16d2c2
3175c4922559c4f0f3fb5c42441ca75c58b59c2c
84178d0774ccc9b034fad30202e4a5a463c6bbc271843c5bb1444192e8ef0aa1
Analyzer Verdict Alert quad9 Sinkholed
GET /pokemon-ultra-fire-red-gba-pt-br/ HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
X-Pingback: http://mundo-do-nando.com/xmlrpc.php
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <https://mundo-do-nando.com/wp-json/>; rel="https://api.w.org/", <https://mundo-do-nando.com/wp-json/wp/v2/posts/5387>; rel="alternate"; type="application/json", <https://mundo-do-nando.com/?p=5387>; rel=shortlink
Set-Cookie: pvc_visits[0]=1669594703b5387; expires=Mon, 28-Nov-2022 00:18:23 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=LAX
PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=6.1.1
200 OK 402 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=6.1.1
IP
Hash d8f5b9b9910d14271f5f044ecfb0e221
661576a41ec2ac73de9e21009cf43350efdbd2d3
f7e5390dbc937dda86e4b922a08372e461f566d6da76f9b0e4d7c916b242c21f
GET /css?family=Lato%3A300%2C400%2C700%2C900&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 00:18:23 GMT
Date: Sun, 27 Nov 2022 00:18:23 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Noto+Serif%3A700&ver=6.1.1
200 OK 525 B URL HTTP/1.1 fonts.googleapis.com/css?family=Noto+Serif%3A700&ver=6.1.1
IP
Hash 988123033564e802e8577802db524950
f317aa13f0cd042367fee0e1040dfd4e869feeb4
70fd4b57f791e8f263d648273657cd9abb0883dae0c2edce4d54bb7eef617106
GET /css?family=Noto+Serif%3A700&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 00:18:23 GMT
Date: Sun, 27 Nov 2022 00:18:23 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
mundo-do-nando.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
200 OK 4.5 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21597)
Hash 7f01d3c2dd8fdc231241f6a3b10def8c
76646b14e9ce97d384b9adb20c622f09c7ecd140
999c4a983cd4b5a1a7652aa436630a18c1a6dbf91de090c903ab507b07df536a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 03 Nov 2022 02:21:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4487
Keep-Alive: timeout=5, max=75
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.3.12
200 OK 160 B URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.3.12
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 4df91c91027504c61842f14fe647d07c
dc28721ef85699e731a1d4913969c9023fb67f66
667d125196c7be5569af7877beb880f71e984ef160420054602fd22bd62029d4
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.3.12 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 15:00:44 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 160
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mundo-do-nando.com/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css?ver=1669508303
200 OK 314 B URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash dc56ad96de6ecab48bb1e2509ca5f5ea
2a99d75d3a9b75595d7f420cb1a188d297c6e28e
81ad9a4c505f184844cb4f6850bddd6e2fcb31118edf1b3ad45476c1e2b52c29
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 03 Nov 2022 03:54:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 314
Keep-Alive: timeout=5, max=75
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/superb-social-share-and-follow-buttons//assets/css/frontend.css?ver=1.1.2
200 OK 3.4 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/superb-social-share-and-follow-buttons//assets/css/frontend.css?ver=1.1.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash c0a34501fc15ba1e5e6e84a5aa3c7720
6ee108494eb85942b9625df4a5583281ad614de9
fc8a4a86e530e8696122ec3645446c24f9dcada1f6340c585d9d269f84ffcd65
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/superb-social-share-and-follow-buttons//assets/css/frontend.css?ver=1.1.2 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 03 Nov 2022 03:58:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3435
Keep-Alive: timeout=5, max=75
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/video-popup/css/YouTubePopUp.css?ver=1669508303
200 OK 1.2 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/video-popup/css/YouTubePopUp.css?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash e6333355d0bdc865ee474e214af52d4b
f6e40a87b6f36d7343e951e4ea64b6bda08accff
289b2736f05af1a228c600768c15684d2964fafb2bb5e646e9e02ff2bb894c03
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/video-popup/css/YouTubePopUp.css?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 03 Nov 2022 03:54:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1161
Keep-Alive: timeout=5, max=75
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/holler-box/assets/css/popups.css?ver=1669508303
200 OK 4.9 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/holler-box/assets/css/popups.css?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (500)
Hash 7b447e1e614044abc117190a8235f05b
720608290b014aa33eb003304d5de512c24a7dcd
2a5c28245041b6e618361ec762105d3247197964b05249de49160e82f04fd6db
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/holler-box/assets/css/popups.css?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Sat, 17 Sep 2022 22:24:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4877
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
200 OK 471 B IP
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6202
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:23 GMT
Last-Modified: Sat, 26 Nov 2022 22:35:01 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
mundo-do-nando.com/wp-content/themes/blogrid/css/font-awesome.min.css?ver=6.1.1
200 OK 7.1 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/css/font-awesome.min.css?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (30837)
Hash 82a55032c4b614390aea6ef6870d3e90
bb21577feea531540a8d4f27ac3730ffac111e1b
4f068500ef9ef0dbffa5b76ac10f1970a7a9de8ff033f84228971a140eb20069
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/css/font-awesome.min.css?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7114
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mundo-do-nando.com/wp-content/plugins/popup-anything-on-click/assets/css/popupaoc-public.css?ver=2.2.2
200 OK 8.5 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/popup-anything-on-click/assets/css/popupaoc-public.css?ver=2.2.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (41691), with CRLF line terminators
Hash 3d0df96f1ab88678d01f9dff15b1a00b
564b291036604903449c1888c3d5a44ac3879587
80c4a0e5a43065af28add8a88d5a390b997a74a13ef02016ea03b9231f9636ff
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/popup-anything-on-click/assets/css/popupaoc-public.css?ver=2.2.2 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 15:00:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8494
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/wpzoom-video-popup-block/dist/scripts/frontend.js?ver=d1ecd53b1528a7375c81
200 OK 9.7 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/wpzoom-video-popup-block/dist/scripts/frontend.js?ver=d1ecd53b1528a7375c81
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21312)
Hash 77828d030d6f639496d9807117b5aa1b
18dab2b73875bc108bec85bb9d66f4f656040c46
e6965c8009291754dc888c2dd48ea01f8d3929e3d928fd7fa26e457fdc296cb7
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/wpzoom-video-popup-block/dist/scripts/frontend.js?ver=d1ecd53b1528a7375c81 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 02:52:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9697
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-content/themes/blogrid/style.css?ver=6.1.1
200 OK 18 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/style.css?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (16993)
Hash 33b41a1d64ed684ff9abb5c4ea115c19
9a0867bcaacd71dacf1b9e0bb81fe9cf884bc7de
473522e2ee3584798ceb19efdf73957be53ef08709e3aa6aa34095791cf1d7c5
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/style.css?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
mundo-do-nando.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.6 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4618
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gc/HzuiE5rT+5/kcbNr1Pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O77pH0AeTMvZEVKyXqqxDIcZWt0=
ocsp.sectigo.com/
200 OK 471 B IP
Hash 01afa847dd32f6a25f2ce6317bf1e5bb
180a7f43e5feb59d01e5a10e2f6ea82cb345121a
5acca38d8795a08161dedc2fb7fb3d919a144a8244a34f8ecdc3d5d916e15ff1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 08:16:26 GMT
Expires: Sat, 03 Dec 2022 08:16:25 GMT
Etag: "180a7f43e5feb59d01e5a10e2f6ea82cb345121a"
Cache-Control: max-age=546481,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7706afb22ac3b51b-OSL
mundo-do-nando.com/wp-content/themes/plain-blogrid/style.css?ver=6.1.1
200 OK 15 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/plain-blogrid/style.css?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (993)
Hash 1e533bf350fe265c43b9732a793f7582
34b1c6d1ef769ac102443c871dd1e662cc907977
7038fc148d7de8a222400649cb3f7527a5689c5d6a315d5b12f15378d2db515f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/plain-blogrid/style.css?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Sat, 22 Oct 2022 04:07:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14974
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
mundo-do-nando.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
200 OK 18 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (47826)
Hash 9415c9562591af7a582c29139621505f
0b12eecf36a48b871a3198550f4f65bb4a6d9b1b
06c70d3232c2ae3ed2aa259eb7a1beb329b654926813935fffa8902cd5ebaa4a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 14:56:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/block-options/build/style.build.css?ver=new
200 OK 3.8 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/block-options/build/style.build.css?ver=new
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (19768), with no line terminators
Hash a76d88e8c3c44efcabb318b9b83cd372
56db3473f288d51962ecb30bf2fc461214abeca8
4e36b85ba6cf3c17afda013bab9bacbf0864df1d60bc9ee38b1d356652f0efdc
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/block-options/build/style.build.css?ver=new HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 02:20:11 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3817
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/css
mundo-do-nando.com/wp-includes/css/classic-themes.min.css?ver=1
200 OK 189 B URL HTTP/1.1 mundo-do-nando.com/wp-includes/css/classic-themes.min.css?ver=1
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:45:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 189
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
mundo-do-nando.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 39 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65447)
Hash 32f58a61f7c5a7e10f8b2dcf8e9a8e34
865c25589283ab1debd45bdfa6c4d8c6ecf15ad3
481cb2216fbdb0797af8c61b69c0bda2c10d025f7b11f2cdfac382d35dc45d63
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Mon, 19 Sep 2022 14:16:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
mundo-do-nando.com/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js?ver=1669508303
200 OK 1.3 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash a2faffd88eca85f97baf7df9e16f3265
c521dbf31680cd287cdc7c1ff5475cbde2e33141
7ea5eede52a101afcd5f129de7880f645081c97e1f5f8e6e86986f501eefe60a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 03:54:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1318
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-content/plugins/video-popup/js/YouTubePopUp.js?ver=1669508303
200 OK 306 B URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/video-popup/js/YouTubePopUp.js?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 3f4f64593626d592f82471f3f57818d7
8be2b519d161eb524f441d5cba7df5086b888a66
49ec8381c29ab084543c3710d9bc0889525658443ed9cac0f4319c9c9e634e41
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/video-popup/js/YouTubePopUp.js?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 03:54:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 306
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
200 OK 5.3 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5321
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-includes/css/dashicons.min.css?ver=6.1.1
200 OK 36 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/css/dashicons.min.css?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (58981)
Hash ff6c9e677e54008818f72708ab0f9382
32746d4ae1f8fbeccb280d16fee8fc192f403aeb
88d3e64209eb0f3fb5098328ddfcb0da5bd11711f144d811536674b2ed36b1f3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:23 GMT
Server: Apache
Last-Modified: Wed, 03 Mar 2021 21:16:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
mundo-do-nando.com/wp-content/plugins/popup-anything-on-click/assets/js/popupaoc-public.js?ver=2.2.2
200 OK 2.9 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/popup-anything-on-click/assets/js/popupaoc-public.js?ver=2.2.2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 79545b6fcbe849ebe4a7b6383f0fc75d
b3768ff2fe9bd8df62431ddfda67c6a3b2fd21d9
ac046e4d93b80b2c371fd6961970582846c4bec304bad70b596ac952eda1895e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/popup-anything-on-click/assets/js/popupaoc-public.js?ver=2.2.2 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 15:00:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2917
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-content/plugins/holler-box/assets/js/popups.min.js?ver=1669508303
200 OK 14 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/plugins/holler-box/assets/js/popups.min.js?ver=1669508303
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, Unicode text, UTF-8 text, with very long lines (9313)
Hash ff9eb6cf447a058b2e6257efbacf1625
2b4d2d6ece1f5d73cb7bf4a7d0bb5e31911e8c33
5575825c1e82a86a7a3d355c9dedea60d826139387261dff320b458987afc7b6
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/holler-box/assets/js/popups.min.js?ver=1669508303 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sat, 17 Sep 2022 22:24:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14111
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
static.wixstatic.com/media/85095f_31f910617ead4aa6b5fd4a76fe675da6~mv2.png/v1/fit/w_300,h_300,al_c,q_5,enc_auto/file.png
200 OK 14 kB URL HTTP/2 static.wixstatic.com/media/85095f_31f910617ead4aa6b5fd4a76fe675da6~mv2.png/v1/fit/w_300,h_300,al_c,q_5,enc_auto/file.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f169e49f898d0c4fbe2b075efaaf7ef
824d03efcf2a7bab923df24911b88fdc4ec5319d
45b2a798d6f1fed8087625cd5dac1ad54aa6246eeba0bad8a801451c03854777
GET /media/85095f_31f910617ead4aa6b5fd4a76fe675da6~mv2.png/v1/fit/w_300,h_300,al_c,q_5,enc_auto/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Sun, 27 Nov 2022 00:18:24 GMT
content-type: image/webp
content-length: 13486
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
vary: Accept
wix-tracer: 2I6iC8CF7hYotk37XsuN38xckSs
x-seen-by: image-manipulator-77c4b7b444-x8hmh
timing-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mundo-do-nando.com/wp-content/themes/blogrid/js/navigation.js?ver=20170823
200 OK 1.2 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/js/navigation.js?ver=20170823
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 28b80aaf2ae2ef0de0d59144ea1a723b
b2d3ad6f06985a17a600b1b5fe2d160eee947303
aaa489d95f9aa848c37d2c39cd96ddcb82e881d69a14965f79692f90cc8ecf3b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/js/navigation.js?ver=20170823 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1168
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 18:20:17 GMT
Expires: Wed, 22 Nov 2023 18:20:17 GMT
Cache-Control: public, max-age=31536000
Age: 367087
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
200 OK 22 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22504
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 21:36:19 GMT
Expires: Wed, 22 Nov 2023 21:36:19 GMT
Cache-Control: public, max-age=31536000
Age: 355325
Last-Modified: Tue, 26 Apr 2022 16:04:16 GMT
Content-Type: font/woff2
mundo-do-nando.com/wp-content/themes/blogrid/js/skip-link-focus-fix.js?ver=20170823
200 OK 417 B URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/js/skip-link-focus-fix.js?ver=20170823
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 73f7704398d8f6be9748d30791950984
3231f3786c364c7665cd7123d8fae0f42bbfd836
c1d9b23aff05fb52e5d6e68aff86d808097185c6dbaac6c3fc3ec6e5bea31ef4
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/js/skip-link-focus-fix.js?ver=20170823 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 417
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-content/themes/blogrid/js/jquery.flexslider.js?ver=20150423
200 OK 16 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/js/jquery.flexslider.js?ver=20150423
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 5aedce09b071d09e102723b4f18a9297
7c97c9d6bbec33b632a81ccd9b2fed5f057e39bc
94f9c5d350cce337ef376a84ee856005aa5fa2fc18b3277a44abf2547eef4fac
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/js/jquery.flexslider.js?ver=20150423 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16281
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/notoserif/v21/ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2
200 OK 28 kB URL HTTP/1.1 fonts.gstatic.com/s/notoserif/v21/ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 27456, version 1.0\012- data
Hash 80becb8b7638756b35eebf31518f8904
ba154f44545a98796887a9b5cfd84d765d3d0c05
a0a9ce1553fa74dad4d8cf55b7df7d012a3acdec01cd39d682fce0e5b52e99f2
GET /s/notoserif/v21/ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 27456
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 24 Nov 2022 08:40:00 GMT
Expires: Fri, 24 Nov 2023 08:40:00 GMT
Cache-Control: public, max-age=31536000
Age: 229104
Last-Modified: Mon, 09 May 2022 20:10:48 GMT
Content-Type: font/woff2
mundo-do-nando.com/wp-content/themes/blogrid/js/script.js?ver=20160720
200 OK 1.2 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/js/script.js?ver=20160720
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3ef8a52b1ab28ccae71621cde82f265c
608ef5cace5f5d83c5b43a40fbff5335b6cd8e8f
68b7493e625a1da63e35335baded75924266c80106ae4de598b06bc6cbd55ca2
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/js/script.js?ver=20160720 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1188
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-content/themes/blogrid/js/accessibility.js?ver=20160720
200 OK 560 B URL HTTP/1.1 mundo-do-nando.com/wp-content/themes/blogrid/js/accessibility.js?ver=20160720
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text
Hash 8f02e276092b51a24f8ee21760cd864d
1fe6ae84f83634e16f8d188d275ab5af3befab17
428d108ac998f3a9df873ce1c0d932a69439f42610f4f788f5c1017b2255f820
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/blogrid/js/accessibility.js?ver=20160720 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 17:08:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 560
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
mundo-do-nando.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
200 OK 1.5 kB URL HTTP/1.1 mundo-do-nando.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2946)
Hash 92712acce6ce836d0a929b1800b4f9d6
8157d1380bb1d6dadfd85565dd464bb5b0ed06bd
2f82d181a2cadadf7d898d7f5ea2eb527106fb6413044b55fbfa4fb0081a2e09
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/comment-reply.min.js?ver=6.1.1 HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1477
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.sectigo.com/
200 OK 471 B IP
Hash 01afa847dd32f6a25f2ce6317bf1e5bb
180a7f43e5feb59d01e5a10e2f6ea82cb345121a
5acca38d8795a08161dedc2fb7fb3d919a144a8244a34f8ecdc3d5d916e15ff1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 08:16:26 GMT
Expires: Sat, 03 Dec 2022 08:16:25 GMT
Etag: "180a7f43e5feb59d01e5a10e2f6ea82cb345121a"
Cache-Control: max-age=546480,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7706afb57d3bb51b-OSL
mundo-do-nando.com/wp-content/uploads/2022/11/4b9aebaa69782c862463d63c84c42257d54ddc4a_hq.jpg
200 OK 113 kB URL HTTP/1.1 mundo-do-nando.com/wp-content/uploads/2022/11/4b9aebaa69782c862463d63c84c42257d54ddc4a_hq.jpg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 513x800, components 3\012- data
Size 113 kB (112739 bytes)
Hash bf2a440c6e18fb574a8a6f83899ea7b6
b040a7a1b8d56caeaee3da9e05a7a67a6c9fa57b
4e60c550af8705f95da99fb5e49dc6c9e834caf5db8f705127e2ba7ef4a47626
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/11/4b9aebaa69782c862463d63c84c42257d54ddc4a_hq.jpg HTTP/1.1
Host: mundo-do-nando.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Cookie: pvc_visits[0]=1669594703b5387; PHPSESSID=bd9491654c1e3a45e8496a0448ea2aa8
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 00:18:24 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 17:31:08 GMT
Accept-Ranges: bytes
Content-Length: 112739
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/jpeg
ripewhining.com/e3cd669a3edd6a37be78f743226df70d/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/e3cd669a3edd6a37be78f743226df70d/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26969), with no line terminators
Hash 20349d98ca22a84f5aff723756d3a7b1
985d9b07fbc2bed7d0527c6a92886507bb733b12
41fe769c74bed7d4dad0e071cfaad2fd6fd93108c0dabba96d8c45c8fa16d2b0
GET /e3cd669a3edd6a37be78f743226df70d/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bce6a207d973680cb72c5b6e3285f02c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ripewhining.com/cb9d80f5fbc22960c31f8ba07e924c47/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/cb9d80f5fbc22960c31f8ba07e924c47/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 3dca9164aad934077ca86dad68ec4b1f
e16c60b3061b149b9b3310adee0f85869a06d1e0
cabddcef537a7d14ff48ac30cea80206a026e997a1e98163d98be62af9e6354b
GET /cb9d80f5fbc22960c31f8ba07e924c47/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 511eb7837d2ea7fdd53e4df6218d49ab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4af47334194a0d10c2bfd52f16eb91ac
8ea04d240499dea43f26c738c8428df118dd622d
6741505308b8f473e68a567b74e6cd099b7a624b3711cc0acab45b2add675f74
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139868
Date: Sun, 27 Nov 2022 00:18:24 GMT
Etag: "63821517-1d7"
Expires: Mon, 28 Nov 2022 15:09:32 GMT
Last-Modified: Sat, 26 Nov 2022 13:31:03 GMT
Server: ECS (dcb/7ECA)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bn2PpyTwig_-Zz8Moj23nVRq00oHwPGoznRigIU5mJStCr3LMQBmOg==
Age: 5909
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 6afb660cfac72bb0f490343ccfb0d035
b696590e0b2c97992697ae49780558f6c89adfe2
6379e8df2c13672aec412b51e911d693b54a339efcc9ea4c7b8048fd8928a90a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://mundo-do-nando.com
access-control-allow-credentials: true
set-cookie: uid_id2=24333db6-7415-4683-8210-39d1a049afc9:1:1; expires=Wed, 24 Nov 2032 00:18:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23040
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 17:29:29 GMT
Expires: Wed, 22 Nov 2023 17:29:29 GMT
Cache-Control: public, max-age=31536000
Age: 370135
Last-Modified: Tue, 26 Apr 2022 15:56:42 GMT
Content-Type: font/woff2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash b86dbb6aa8c87a0ad597ecd27018b34e
2290f08dd46c724e7028c8772b9da52152c97f14
cc42ac8c3c93966fb0f5b212c894f6fa942d6ee755381d8b9c98e7029585443d
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://mundo-do-nando.com
access-control-allow-credentials: true
set-cookie: uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Wed, 24 Nov 2032 00:18:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ripewhining.com/2e0c9357e1499fa48b1e60cfab110443/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/2e0c9357e1499fa48b1e60cfab110443/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26957), with no line terminators
Hash 0db772eac3d593b76f0b7b577f1446b1
dd9c4c575a1ebbd9d44c83ad68e4909f3ebf19fe
ed2b43d32274d9f017cc65249e1ae6eec2ebc69b38b53c2daba065dc9090ff9c
GET /2e0c9357e1499fa48b1e60cfab110443/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed918c7b43a18bc584129e8b8810ae0e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ripewhining.com/bfbe8981989a70b392bceb9abed5d74b/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/bfbe8981989a70b392bceb9abed5d74b/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 079ca219dd055ddc46ececa703e65e3c
1e78388e5603da011cc702b84b7699b9ee448772
ce2ac4b2aaa9c192efe391459ab37bf635df2a09fcb293162260ceb0a3083247
GET /bfbe8981989a70b392bceb9abed5d74b/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1850eefd45ba6a0a6b46c4a57581301f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 11cf9ae7b36a5c50f9d1e3c88ca5cc7b
1e6a9590a25e40e27eb528c6e6a1f5ff07122f48
165ef941d6d7b324b832835fa0e9f4bd8b3d97adf1c5956071370efa40c2d3f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "165EF941D6D7B324B832835FA0E9F4BD8B3D97ADF1C5956071370EFA40C2D3F4"
Last-Modified: Thu, 24 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=654
Expires: Sun, 27 Nov 2022 00:29:19 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
ripewhining.com/40b4ca6c34fd3ae6c1d9b7b040f64c9a/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/40b4ca6c34fd3ae6c1d9b7b040f64c9a/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26957), with no line terminators
Hash 0db772eac3d593b76f0b7b577f1446b1
dd9c4c575a1ebbd9d44c83ad68e4909f3ebf19fe
ed2b43d32274d9f017cc65249e1ae6eec2ebc69b38b53c2daba065dc9090ff9c
GET /40b4ca6c34fd3ae6c1d9b7b040f64c9a/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23e48aa5d93ab928475c98fec90a0fb4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9129
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9129
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
yearbookhobblespinal.com/watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 yearbookhobblespinal.com/watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com
Access-Control-Allow-Origin: http://mundo-do-nando.com
Access-Control-Allow-Credentials: true
Location: https://yearbookhobblespinal.com/watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1&shu=4f09a7453599916a26d9d526a826029f201ad983258f53066850e7975e90cf6e1b18826465939df3b3016d4ae42b4a3c7e648f0e08f5abc17b6c2835e419ab7a381a949a5a6bef61e847468d582bdf958835369dd4e5a693b0d76966d52fc302261433&pst=1669508365&rmtc=t
Set-Cookie: u_pl=16552434; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNCwiayI6IjJlMGM5MzU3ZTE0OTlmYTQ4YjFlNjBjZmFiMTEwNDQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjUsInB0Ijo0LCJwayI6Iml4a3plajAzOXUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL211bmRvLWRvLW5hbmRvLmNvbS9wb2tlbW9uLXVsdHJhLWZpcmUtcmVkLWdiYS1wdC1ici8ifX0.nXOpW49W041ilwyGKpKombEbIWPpqfo8FjHnpv1oEjo; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b4668d44904daae384d2a87ea427fa2
Strict-Transport-Security: max-age=0; includeSubdomains
ripewhining.com/5c643bdd7074889be25d013b3ee97891/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/5c643bdd7074889be25d013b3ee97891/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 3dca9164aad934077ca86dad68ec4b1f
e16c60b3061b149b9b3310adee0f85869a06d1e0
cabddcef537a7d14ff48ac30cea80206a026e997a1e98163d98be62af9e6354b
GET /5c643bdd7074889be25d013b3ee97891/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6dada43981c120bc7b5162f09313eee3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fa7807766d23b7a5d301da2eff6f85f5
f45185b68991f46feb25cfe97377661e8e63d431
a4873b1d66c85fed052cce0a2507d992990b3590fd4f263f2a2ba8108fcff317
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4873B1D66C85FED052CCE0A2507D992990B3590FD4F263F2A2BA8108FCFF317"
Last-Modified: Sat, 26 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Sun, 27 Nov 2022 02:16:52 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1db6041a0bdb2319ae85afcc30caaeec
3b0ec6a7188dadf986f72fda8110296d9abd6f35
05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z7Hy7zEJmW8khrRb_uNcDa3UATX8DaKsdis-wUJAXfOZN4BM-0JtvQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 01:46:48 GMT
age: 81097
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f80a9a9b55da31c98663e157dde74a19
26b8dd82140c0db021048e11bff65a391dc6b444
680c39e4ea1d784db9831958942a64f3e83618dc443c8bcaa34223d85bb5b926
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6859
x-amzn-requestid: 4a1b13ad-9455-401d-a914-c1ada2191977
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTHRroAMFR8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-4e5d630b23cdeb2e4b6d75d1;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D24B6xoLZ2nu1NdlMU5TgJSc-DfzD6vrMzgU3s6tAiAsUuzBb_t89Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 08:23:04 GMT
age: 57321
etag: "26b8dd82140c0db021048e11bff65a391dc6b444"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: agN3iI99V_lKDGyKTEkZg_jgR8P6nrI53d-fXsHGHkQP55suaCC2xA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:30:06 GMT
age: 67699
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 8808
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc51742200b699c93a6ede66c7997d2a
1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6
a7cc50883ac1a59fc14f0467551dec16cef3b033df599b23916427c5e42be1aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4565b77f-3e3b-4410-b35b-b4e9a478ce4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8145
x-amzn-requestid: ff37a7a0-ac51-4629-bb45-8983c4bcdd96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFFCuFL4oAMFpRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637eb544-7644e0183e2abc225f5e0938;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:05:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0oFg5UqP5KArhT2955eVqJsGhcnVoe7Je9nf6yTA7BLSsMVT2mXXUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:26:21 GMT
age: 13924
etag: "1021cf938f62cf18466e2ff4d55ce8c52c0f9cf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 8804
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ba49947474eacabfb70799c69ae33823
785d165e08011959d1c3ff1f1d28f27f6fb4e2e2
e646f73a88a7769a0683fee7388b103a40db2b9e5e95212e0f85c721a17c431b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E646F73A88A7769A0683FEE7388B103A40DB2B9E5E95212E0F85C721A17C431B"
Last-Modified: Sat, 26 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12592
Expires: Sun, 27 Nov 2022 03:48:17 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
yearbookhobblespinal.com/watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1&shu=4f09a7453599916a26d9d526a826029f201ad983258f53066850e7975e90cf6e1b18826465939df3b3016d4ae42b4a3c7e648f0e08f5abc17b6c2835e419ab7a381a949a5a6bef61e847468d582bdf958835369dd4e5a693b0d76966d52fc302261433&pst=1669508365&rmtc=t
200 OK 642 B URL HTTP/1.1 yearbookhobblespinal.com/watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1&shu=4f09a7453599916a26d9d526a826029f201ad983258f53066850e7975e90cf6e1b18826465939df3b3016d4ae42b4a3c7e648f0e08f5abc17b6c2835e419ab7a381a949a5a6bef61e847468d582bdf958835369dd4e5a693b0d76966d52fc302261433&pst=1669508365&rmtc=t
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (602)
Hash e6d1096c2a0c1905bc6d8d948c043983
50d147b5c274d33b0a5d66c332c930b05a0c8c35
8f476c200064bdc7baae2bbee363dcb4b3bbde1d87eca12c258f6129a964570a
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.710049709869.js?key=2e0c9357e1499fa48b1e60cfab110443&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1&shu=4f09a7453599916a26d9d526a826029f201ad983258f53066850e7975e90cf6e1b18826465939df3b3016d4ae42b4a3c7e648f0e08f5abc17b6c2835e419ab7a381a949a5a6bef61e847468d582bdf958835369dd4e5a693b0d76966d52fc302261433&pst=1669508365&rmtc=t HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mundo-do-nando.com
Referer: http://mundo-do-nando.com/
Connection: keep-alive
Cookie: u_pl=16552434; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNCwiayI6IjJlMGM5MzU3ZTE0OTlmYTQ4YjFlNjBjZmFiMTEwNDQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjUsInB0Ijo0LCJwayI6Iml4a3plajAzOXUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL211bmRvLWRvLW5hbmRvLmNvbS9wb2tlbW9uLXVsdHJhLWZpcmUtcmVkLWdiYS1wdC1ici8ifX0.nXOpW49W041ilwyGKpKombEbIWPpqfo8FjHnpv1oEjo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com
Access-Control-Allow-Origin: http://mundo-do-nando.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=24333db6-7415-4683-8210-39d1a049afc9:1:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
iprc0ee6cbed4d4ed8b8cc9b060d5ec496fb=2717340; expires=Mon, 28 Nov 2022 02:18:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da8cf0a4235bb61e4e32a93fa9fcfa5c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ripewhining.com/cb9d80f5fbc22960c31f8ba07e924c47/invoke.js
200 OK 9.8 kB URL HTTP/1.1 ripewhining.com/cb9d80f5fbc22960c31f8ba07e924c47/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 4f8800eb9c3eb452408cba1a0a54f196
64cfde6d597ebb8e2759140353341eb78be85398
9b580cb995b47252cf2e610bbd155b64b9f3ad540556621c45f0a27b038831d9
GET /cb9d80f5fbc22960c31f8ba07e924c47/invoke.js HTTP/1.1
Host: ripewhining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mundo-do-nando.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a725cc70ee9d3899d0ad902ef67a924
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d5d8ec7e20a8b7644119bde430cc7c88
b2bd02b98bbdb1c27a104c4421de6bc1cff71250
58534e7f6c8cd723f279356955fdb8adb83b666bad178e9eb366568a7b506fce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58534E7F6C8CD723F279356955FDB8ADB83B666BAD178E9EB366568A7B506FCE"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7459
Expires: Sun, 27 Nov 2022 02:22:44 GMT
Date: Sun, 27 Nov 2022 00:18:25 GMT
Connection: keep-alive
soldierreproduceadmiration.com/watch.373985937439.js?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 soldierreproduceadmiration.com/watch.373985937439.js?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.373985937439.js?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mundo-do-nando.com
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com
Access-Control-Allow-Origin: http://mundo-do-nando.com
Access-Control-Allow-Credentials: true
Location: https://soldierreproduceadmiration.com/watch.373985937439.js?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=24333db6-7415-4683-8210-39d1a049afc9%3A1%3A1&shu=882d8b2d79fdc4b1f4eaaf64b60e7a02a2a049c1289b75b1429a8c4f963a64d30ac898b4c7641b96b8b350a2cd527b685c86ec0bd522a564b6c824922370a9ac326b28b9e2dcdcf7da49915953834e9f2f30c19dec6c1ba135db0f89f1b8&pst=1669508365&rmtc=t
Set-Cookie: u_pl=16552436; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNiwiayI6ImUzY2Q2NjlhM2VkZDZhMzdiZTc4Zjc0MzIyNmRmNzBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTVibWZhYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vbXVuZG8tZG8tbmFuZG8uY29tL3Bva2Vtb24tdWx0cmEtZmlyZS1yZWQtZ2JhLXB0LWJyLyJ9fQ.TkclyuTflYOmLarwuw6ZMgDNRsQnPIMPkRhIa5O5a80; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7fcb5bb9fca682648889066925011094
Strict-Transport-Security: max-age=0; includeSubdomains
yearbookhobblespinal.com/watch.600081137964?key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
200 OK 1.2 kB URL HTTP/1.1 yearbookhobblespinal.com/watch.600081137964?key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (583)
Hash b76771eabb46d76b23212af31d3127ec
bf72984839d1b6e151b08f394afec3ecbd4f0547
e5e65c610a89cbcfb1932a55590aa35c081a80f144a46fdb7cc3476f035a87a8
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.600081137964?key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Cookie: u_pl=16552434; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNCwiayI6IjJlMGM5MzU3ZTE0OTlmYTQ4YjFlNjBjZmFiMTEwNDQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjUsInB0Ijo0LCJwayI6Iml4a3plajAzOXUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL211bmRvLWRvLW5hbmRvLmNvbS9wb2tlbW9uLXVsdHJhLWZpcmUtcmVkLWdiYS1wdC1ici8ifX0.nXOpW49W041ilwyGKpKombEbIWPpqfo8FjHnpv1oEjo; uid_id2=24333db6-7415-4683-8210-39d1a049afc9:1:1; iprc0ee6cbed4d4ed8b8cc9b060d5ec496fb=2717340; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16552434,17603029; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYwMzAyOSwiayI6IjQwYjRjYTZjMzRmZDNhZTZjMWQ5YjdiMDQwZjY0YzlhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJmZDVmMnl6Z3Y3IiwidCI6MX0sInUiOnsidSI6MiwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9tdW5kby1kby1uYW5kby5jb20vcG9rZW1vbi11bHRyYS1maXJlLXJlZC1nYmEtcHQtYnIvIn19.8MgGQmtc48VEwnKYcM4gwP5yq0idaK_o9dV-6O-hSPw; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41067505b647d8953f1eee616f8658ab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
yearbookhobblespinal.com/watch.600081137964?shu=366287d47138e6e269275c64e167a6b306cc5ed7bd3aafe631e6efc393ffd9013433182e3307511479c7946e3d89c1908cb04d3eba43eb565493eddad9e732fc1e5c47fd4b0ffb9de35c31d8d453a0ac47989ec543f2f9de5dc234d7638a82e0d6&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e&res=12.1053
200 OK 1.9 kB URL HTTP/1.1 yearbookhobblespinal.com/watch.600081137964?shu=366287d47138e6e269275c64e167a6b306cc5ed7bd3aafe631e6efc393ffd9013433182e3307511479c7946e3d89c1908cb04d3eba43eb565493eddad9e732fc1e5c47fd4b0ffb9de35c31d8d453a0ac47989ec543f2f9de5dc234d7638a82e0d6&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e&res=12.1053
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2655)
Hash 7171ccacff776c706661fbbd3464f6a7
223b11cfc44a79b183c0f9e492d34578e3a89251
019ce8ed0d7fb4a0b3c0824ed585c3d84acfb9858cf10efb4581ed30d6984b71
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.600081137964?shu=366287d47138e6e269275c64e167a6b306cc5ed7bd3aafe631e6efc393ffd9013433182e3307511479c7946e3d89c1908cb04d3eba43eb565493eddad9e732fc1e5c47fd4b0ffb9de35c31d8d453a0ac47989ec543f2f9de5dc234d7638a82e0d6&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e&res=12.1053 HTTP/1.1
Host: yearbookhobblespinal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yearbookhobblespinal.com/watch.600081137964?key=40b4ca6c34fd3ae6c1d9b7b040f64c9a&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
Cookie: u_pl=16552434,17603029; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYwMzAyOSwiayI6IjQwYjRjYTZjMzRmZDNhZTZjMWQ5YjdiMDQwZjY0YzlhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJmZDVmMnl6Z3Y3IiwidCI6MX0sInUiOnsidSI6MiwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9tdW5kby1kby1uYW5kby5jb20vcG9rZW1vbi11bHRyYS1maXJlLXJlZC1nYmEtcHQtYnIvIn19.8MgGQmtc48VEwnKYcM4gwP5yq0idaK_o9dV-6O-hSPw; uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; iprc0ee6cbed4d4ed8b8cc9b060d5ec496fb=2717340; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Origin: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
iprc832dd293484b51d05ab86eb55f4c269c=3570421; expires=Sun, 27 Nov 2022 04:18:25 GMT; secure; SameSite=None
uncs=2; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
pdhtkv32=true; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
uncs32=1; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 02867ed386524e035964127fa9269d80
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
soldierreproduceadmiration.com/watch.373985937439?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
200 OK 1.3 kB URL HTTP/1.1 soldierreproduceadmiration.com/watch.373985937439?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (583)
Hash 0e1d916e1198512d104ac1be3dfcbc31
c5d3aca35f3e875cddcc38fd6b2bf05d4eb53f9b
fee49806c71e300b730f7c4ee11bee9f150ed6712e34c1f89f26b90f1c7cf0e1
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.373985937439?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Cookie: u_pl=16552436; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNiwiayI6ImUzY2Q2NjlhM2VkZDZhMzdiZTc4Zjc0MzIyNmRmNzBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTVibWZhYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vbXVuZG8tZG8tbmFuZG8uY29tL3Bva2Vtb24tdWx0cmEtZmlyZS1yZWQtZ2JhLXB0LWJyLyJ9fQ.TkclyuTflYOmLarwuw6ZMgDNRsQnPIMPkRhIa5O5a80
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNiwiayI6ImUzY2Q2NjlhM2VkZDZhMzdiZTc4Zjc0MzIyNmRmNzBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTVibWZhYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOmZhbHNlLCJyIjoiaHR0cDovL211bmRvLWRvLW5hbmRvLmNvbS9wb2tlbW9uLXVsdHJhLWZpcmUtcmVkLWdiYS1wdC1ici8ifX0.A7TVhpcQ3olw5HX7UnAFtXZ-G84VqrKih4WE_724zxo; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6de46a1ca6dd6568783731ed8842eb2c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
whiskerssituationdisturb.com/watch.1057611641868?key=cb9d80f5fbc22960c31f8ba07e924c47&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
200 OK 1.2 kB URL HTTP/1.1 whiskerssituationdisturb.com/watch.1057611641868?key=cb9d80f5fbc22960c31f8ba07e924c47&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (583)
Hash fd656d2f9bc9744ef8159f9b72c7f081
efd30713caebb9c466c34761bc9e7bd96cd69897
bd48bb7f05e5e36ce474efeb4ebdf0ed353a9f14335df222ad22155cd2b1ed99
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1057611641868?key=cb9d80f5fbc22960c31f8ba07e924c47&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16238869; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjIzODg2OSwiayI6ImNiOWQ4MGY1ZmJjMjI5NjBjMzFmOGJhMDdlOTI0YzQ3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJuZTMzYTRoeSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vbXVuZG8tZG8tbmFuZG8uY29tL3Bva2Vtb24tdWx0cmEtZmlyZS1yZWQtZ2JhLXB0LWJyLyJ9fQ.EZ4ukBXl9Oj6TtfODKgBHpS46ryRzjwfLCRtBHCQ244; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b44ab4295ccc4ab9a32e1e7dd25aa4fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
whiskerssituationdisturb.com/watch.515768557997?key=5c643bdd7074889be25d013b3ee97891&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
200 OK 1.2 kB URL HTTP/1.1 whiskerssituationdisturb.com/watch.515768557997?key=5c643bdd7074889be25d013b3ee97891&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (583)
Hash 94b8ea571aa314fb2bb0972a9a89088c
24a9c5f801141c0845ab65baa43c7c0661e3beb5
82dfcd0e4b5d126ec3eda1ac36da0eb7669252a669aab1fb094ceaee21ce2bcf
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.515768557997?key=5c643bdd7074889be25d013b3ee97891&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17704737; expires=Mon, 28 Nov 2022 00:18:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzcwNDczNywiayI6IjVjNjQzYmRkNzA3NDg4OWJlMjVkMDEzYjNlZTk3ODkxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjI2LCJwdCI6NCwicGsiOiJ4MHlodGdwOHMyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9tdW5kby1kby1uYW5kby5jb20vcG9rZW1vbi11bHRyYS1maXJlLXJlZC1nYmEtcHQtYnIvIn19.kSEeaQe9mvINe3QClkFBC4oeoJxxqeVm2QC7ipjzc4Q; expires=Sun, 27 Nov 2022 00:19:25 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d9b94ddf3db0f1e8fa396922adcf2394
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9fd31d87c534e5fb16d503dd2fbbceb2
b33fbc44c6922e66290c70bfc5132d252d48f3cf
1cd8f7e0e067e25543f8e4310f8664e256cbadded9aa1c52cb2546b815fdfeee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CD8F7E0E067E25543F8E4310F8664E256CBADDED9AA1C52CB2546B815FDFEEE"
Last-Modified: Fri, 25 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16275
Expires: Sun, 27 Nov 2022 04:49:41 GMT
Date: Sun, 27 Nov 2022 00:18:26 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d544e647515cb189a384f9c20ec9bd24
b7b52713f8f4c02a47192ef56456e16d0ca408a9
375fc9ebeb579498db5f3df773f4a94debbab4b0f809abc2fa414e9c2bea052c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "375FC9EBEB579498DB5F3DF773F4A94DEBBAB4B0F809ABC2FA414E9C2BEA052C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Sun, 27 Nov 2022 02:38:28 GMT
Date: Sun, 27 Nov 2022 00:18:26 GMT
Connection: keep-alive
tractorfoolproofstandard.com/watch.978021183737?key=bfbe8981989a70b392bceb9abed5d74b&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
200 OK 1.2 kB URL HTTP/1.1 tractorfoolproofstandard.com/watch.978021183737?key=bfbe8981989a70b392bceb9abed5d74b&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (583)
Hash 695e6b5ed28604afa5506122b9f92283
0bae6f6bd59d00d569db4299d08037f6c4b78dd0
9b8c1850a3bf9e697d2ce9c724255a8349e663deb88e90db44ffceeb3284903e
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.978021183737?key=bfbe8981989a70b392bceb9abed5d74b&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17463898; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ2Mzg5OCwiayI6ImJmYmU4OTgxOTg5YTcwYjM5MmJjZWI5YWJlZDVkNzRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjI1LCJwdCI6NCwicGsiOiJjMDNocnJiZzhkIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9tdW5kby1kby1uYW5kby5jb20vcG9rZW1vbi11bHRyYS1maXJlLXJlZC1nYmEtcHQtYnIvIn19.Ftfn5iLqb3Ki1pbGHD3D5Wu14LmPV8HFCsbbVVKEufM; expires=Sun, 27 Nov 2022 00:19:26 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6c776e593045a3684d76571211295ec0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
soldierreproduceadmiration.com/watch.373985937439?shu=ca20cc4a67ad18816e833b990ffe71119ba4135cdc6350a4b9a62f4f77eac049332a50db9e5419fb58eb2ff9419ad305aa25556eaa31d8ce64c4f0e471aba0e3e29258dc58fc5693237853daf1c88871c73212912821cb89c40ba283690401b49e0d1ea6e801&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=e3cd669a3edd6a37be78f743226df70d&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e
200 OK 781 B URL HTTP/1.1 soldierreproduceadmiration.com/watch.373985937439?shu=ca20cc4a67ad18816e833b990ffe71119ba4135cdc6350a4b9a62f4f77eac049332a50db9e5419fb58eb2ff9419ad305aa25556eaa31d8ce64c4f0e471aba0e3e29258dc58fc5693237853daf1c88871c73212912821cb89c40ba283690401b49e0d1ea6e801&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=e3cd669a3edd6a37be78f743226df70d&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (567)
Hash 0e368706758b80f9081ff46d8565f842
dfa6644f0b47447e62cc0ca9af18b12733cd8845
89280b0fd5bc56f36c2ce2c5ef32db50ce718dff6ca0596210024374686b6335
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.373985937439?shu=ca20cc4a67ad18816e833b990ffe71119ba4135cdc6350a4b9a62f4f77eac049332a50db9e5419fb58eb2ff9419ad305aa25556eaa31d8ce64c4f0e471aba0e3e29258dc58fc5693237853daf1c88871c73212912821cb89c40ba283690401b49e0d1ea6e801&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=e3cd669a3edd6a37be78f743226df70d&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://soldierreproduceadmiration.com/watch.373985937439?key=e3cd669a3edd6a37be78f743226df70d&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
Cookie: u_pl=16552436; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjU1MjQzNiwiayI6ImUzY2Q2NjlhM2VkZDZhMzdiZTc4Zjc0MzIyNmRmNzBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTVibWZhYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOmZhbHNlLCJyIjoiaHR0cDovL211bmRvLWRvLW5hbmRvLmNvbS9wb2tlbW9uLXVsdHJhLWZpcmUtcmVkLWdiYS1wdC1ici8ifX0.A7TVhpcQ3olw5HX7UnAFtXZ-G84VqrKih4WE_724zxo; uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:26 GMT
Content-Type: text/html
Content-Length: 781
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Origin: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:26 GMT; secure; SameSite=None
iprc303c43da98d7f0858c199c035187b5d9=2717343; expires=Mon, 28 Nov 2022 02:18:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41ab5b18623369c365c0d64b9fa0e923
Strict-Transport-Security: max-age=0; includeSubdomains
whiskerssituationdisturb.com/watch.1057611641868?shu=d9f510cc377e0045706a0273f5f1ea1887574a1978e4bc0eb6db0d08ad55b791e589769899bbfcb252325f0fc9654eff2c083d6d6280bed18e49dc3ab74d522ecbcb03cfab657f5ec5dbc39b931431811ac22314a3bfc9849ede111187f3251350&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=cb9d80f5fbc22960c31f8ba07e924c47&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e
200 OK 781 B URL HTTP/1.1 whiskerssituationdisturb.com/watch.1057611641868?shu=d9f510cc377e0045706a0273f5f1ea1887574a1978e4bc0eb6db0d08ad55b791e589769899bbfcb252325f0fc9654eff2c083d6d6280bed18e49dc3ab74d522ecbcb03cfab657f5ec5dbc39b931431811ac22314a3bfc9849ede111187f3251350&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=cb9d80f5fbc22960c31f8ba07e924c47&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (567)
Hash e586d4c9d81c59800b6baa4834a08bf7
420dbfbd32cb898f82ef3df533724f7f4bdb4498
c4b0f27e71b60f40d2b0ab038d1a770d6d5e5702cbcb285b66c0474a72dca720
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1057611641868?shu=d9f510cc377e0045706a0273f5f1ea1887574a1978e4bc0eb6db0d08ad55b791e589769899bbfcb252325f0fc9654eff2c083d6d6280bed18e49dc3ab74d522ecbcb03cfab657f5ec5dbc39b931431811ac22314a3bfc9849ede111187f3251350&pst=1669508365&rmtc=t&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1&pii=&in=false&key=cb9d80f5fbc22960c31f8ba07e924c47&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&res=12.1053&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&tz=0&dev=e HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whiskerssituationdisturb.com/watch.1057611641868?key=cb9d80f5fbc22960c31f8ba07e924c47&kw=%5B%22pokemon%22%2C%22ultra%22%2C%22fire%22%2C%22red%22%2C%22gba%22%2C%22pt-br%22%2C%22-%22%2C%22mundo%22%2C%22do%22%2C%22nando%22%5D&refer=http%3A%2F%2Fmundo-do-nando.com%2Fpokemon-ultra-fire-red-gba-pt-br%2F&tz=0&dev=e&res=12.1053&uuid=b15f2233-0033-40d8-b718-c81b46dc58da%3A3%3A1
Cookie: u_pl=17704737; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzcwNDczNywiayI6IjVjNjQzYmRkNzA3NDg4OWJlMjVkMDEzYjNlZTk3ODkxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTQzMzk3LCJwaWQiOjkzNTcwLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIyLCJhaWQiOjI2LCJwdCI6NCwicGsiOiJ4MHlodGdwOHMyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9tdW5kby1kby1uYW5kby5jb20vcG9rZW1vbi11bHRyYS1maXJlLXJlZC1nYmEtcHQtYnIvIn19.kSEeaQe9mvINe3QClkFBC4oeoJxxqeVm2QC7ipjzc4Q; uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 00:18:26 GMT
Content-Type: text/html
Content-Length: 781
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Origin: http://mundo-do-nando.com/pokemon-ultra-fire-red-gba-pt-br/
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17704737,16238869; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
uid_id2=b15f2233-0033-40d8-b718-c81b46dc58da:3:1; expires=Sun, 04 Dec 2022 00:18:26 GMT; secure; SameSite=None
iprc3f42f0d805dc78ef7923ef67d037a330=2717342; expires=Mon, 28 Nov 2022 02:18:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
pdhtkv27=true; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
uncs27=1; expires=Mon, 28 Nov 2022 00:18:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61a2a1197330610f1f584dc25255e522
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Hash d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yearbookhobblespinal.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:26 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Tue, 29 Nov 2022 00:18:26 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1f6b302933d460ab447356556838501c
00d2123ec7f0ef5bf0d648bf4d15e69cd9902f4e
8240f397607869e239c216ca93f78f84e25299c0ad4e7483b2bd53f7861142f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8240F397607869E239C216CA93F78F84E25299C0AD4E7483B2BD53F7861142F0"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2838
Expires: Sun, 27 Nov 2022 01:05:44 GMT
Date: Sun, 27 Nov 2022 00:18:26 GMT
Connection: keep-alive
www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16552436
200 OK 1.3 kB URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16552436
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8ac17dd9709c81a6c5a4127a48eaf7c4
7e2af976ce048348e2a926bd4626ea1e67bc45a2
6c2a064567a1c72983a3068f60bb4dfce96c932c9b6b3c938588da0287360b3f
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16552436 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://soldierreproduceadmiration.com/
Cookie: u_pl=16122660; iprc567d6ecc96280ae2e740aef3f6873862=3806410; pdhtkv=true; uncs=1; pdhtkv28=true; uncs28=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 00:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTY1NTI0MzYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoyLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vc29sZGllcnJlcHJvZHVjZWFkbWlyYXRpb24uY29tLyJ9fQ.6RHMQuu-1dOLM0HCHF2U0v4KauC8E2ZzC8mvZUKszjo; expires=Sun, 27 Nov 2022 00:19:26 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56a727d7271c3963ac09060f1fc6c426
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.spikereekvelocity.com/dyfc1k09?shu=97a8c9d7a638d0df6596ab4b5f43a4031762377f7f66f7d0e9764f6503efa0c4ca83629606bf2f8ee4b3b5a07d8b93706c4ffce7ed0902d6ab3255213fe1638d4e251955c3d0aab44816c347a230c5afebd10e2544ec05c4a3e311aa4700d0&pst=1669508366&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fsoldierreproduceadmiration.com%2F&psid=16552436
302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?shu=97a8c9d7a638d0df6596ab4b5f43a4031762377f7f66f7d0e9764f6503efa0c4ca83629606bf2f8ee4b3b5a07d8b93706c4ffce7ed0902d6ab3255213fe1638d4e251955c3d0aab44816c347a230c5afebd10e2544ec05c4a3e311aa4700d0&pst=1669508366&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fsoldierreproduceadmiration.com%2F&psid=16552436
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=97a8c9d7a638d0df6596ab4b5f43a4031762377f7f66f7d0e9764f6503efa0c4ca83629606bf2f8ee4b3b5a07d8b93706c4ffce7ed0902d6ab3255213fe1638d4e251955c3d0aab44816c347a230c5afebd10e2544ec05c4a3e311aa4700d0&pst=1669508366&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fsoldierreproduceadmiration.com%2F&psid=16552436 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; iprc567d6ecc96280ae2e740aef3f6873862=3806410; pdhtkv=true; uncs=1; pdhtkv28=true; uncs28=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTY1NTI0MzYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoyLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vc29sZGllcnJlcHJvZHVjZWFkbWlyYXRpb24uY29tLyJ9fQ.6RHMQuu-1dOLM0HCHF2U0v4KauC8E2ZzC8mvZUKszjo; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 00:18:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18dbd5add959aa5604642a77b143f8b1&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
Set-Cookie: iprcb4dc099f3c39fc73dc58a46e575f1d8a=3818673; expires=Thu, 01 Dec 2022 00:18:26 GMT
uncs=2; expires=Mon, 28 Nov 2022 00:18:26 GMT
uncs28=2; expires=Mon, 28 Nov 2022 00:18:26 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5b1b50522d4fb369e6d64fa29ceffcbc
Strict-Transport-Security: max-age=0; includeSubdomains
binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18dbd5add959aa5604642a77b143f8b1&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
302 Found 0 B URL HTTP/1.1 binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18dbd5add959aa5604642a77b143f8b1&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18dbd5add959aa5604642a77b143f8b1&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683 HTTP/1.1
Host: binomnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 00:18:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=vccivcgh8n; expires=Mon, 28-Nov-2022 00:18:27 GMT; Max-Age=86400; path=/
uclickhash=vccivcgh8n-vccivcgh8n-5mi4-0-qe0-du6o-dudz-511d85; expires=Mon, 28-Nov-2022 00:18:27 GMT; Max-Age=86400; path=/
Location: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=ed1b4vccivcgh8nf7d&var=16122660
ak.hetapus.com/afu.php?zoneid=5460778&ymid=ed1b4vccivcgh8nf7d&var=16122660
200 OK 3.0 kB URL HTTP/2 ak.hetapus.com/afu.php?zoneid=5460778&ymid=ed1b4vccivcgh8nf7d&var=16122660
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash ea6f3b20789e5cf35b4e337a05d47524
9bce511a2322bf792bb826f00d217913af726f04
d0c4c4e288bc45c992b74b8555b6bf77e06865f4fbabe22fd029fb4b9ddc8601
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=5460778&ymid=ed1b4vccivcgh8nf7d&var=16122660 HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 5dce91073703e73780c9bd8e6a503e37
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
expires: Sun, 27 Nov 2022 00:18:27 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 00:18:27 GMT
content-length: 2989
vary: Accept-Encoding
set-cookie: OAID=88e072b3920e4ca195badd9e894c32c7; expires=Mon, 27 Nov 2023 00:18:27 GMT; path=/; secure; SameSite=None
oaidts=1669508307; expires=Mon, 27 Nov 2023 00:18:27 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7210
Expires: Sun, 27 Nov 2022 02:18:37 GMT
Date: Sun, 27 Nov 2022 00:18:27 GMT
Connection: keep-alive
ak.hetapus.com/favicon.ico
204 No Content 0 B URL HTTP/2 ak.hetapus.com/favicon.ico
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=ed1b4vccivcgh8nf7d&var=16122660
Cookie: OAID=88e072b3920e4ca195badd9e894c32c7; oaidts=1669508307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
expires: Sun, 27 Nov 2022 00:18:27 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 00:18:27 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=88e072b3920e4ca195badd9e894c32c7
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=88e072b3920e4ca195badd9e894c32c7
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=88e072b3920e4ca195badd9e894c32c7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 00:18:27 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=88e072b3920e4ca195badd9e894c32c7; expires=Mon, 27 Nov 2023 00:18:27 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false
302 Found 0 B URL HTTP/2 ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5460778&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 548
Origin: https://ak.hetapus.com
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&var=5460778&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=88e072b3920e4ca195badd9e894c32c7; oaidts=1669508307
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: 188fd9b0dae29ff38f3e155b2259ce24
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620525417107034580&subid1=5460778&cost=0.002240&rdk=rk3
access-control-allow-origin: https://ak.hetapus.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sun, 27 Nov 2022 00:18:27 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 00:18:27 GMT
set-cookie: OAID=88e072b3920e4ca195badd9e894c32c7; expires=Mon, 27 Nov 2023 00:18:27 GMT; path=/; secure; SameSite=None
oaidts=1669508307; expires=Mon, 27 Nov 2023 00:18:27 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 04 Dec 2022 00:18:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e92d34f2d01c391858bc6651b80d7534
3c053ca070b90b531855813b5d31818db4cdb47d
bb6c526736b4cece515346d41f812bce3ba2a45520126ced68ad07b951942aa0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB6C526736B4CECE515346D41F812BCE3BA2A45520126CED68AD07B951942AA0"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1757
Expires: Sun, 27 Nov 2022 00:47:44 GMT
Date: Sun, 27 Nov 2022 00:18:27 GMT
Connection: keep-alive
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620525417107034580&subid1=5460778&cost=0.002240&rdk=rk3
302 Found 0 B URL HTTP/2 eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620525417107034580&subid1=5460778&cost=0.002240&rdk=rk3
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620525417107034580&subid1=5460778&cost=0.002240&rdk=rk3 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 27 Nov 2022 00:18:27 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
set-cookie: rauid=n2Oo2OCCSh-rP3kV8N5HiQ; expires=Mon, 27 Nov 2023 00:18:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
302 Found 0 B URL HTTP/1.1 35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop HTTP/1.1
Host: 35.227.234.222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 27 Nov 2022 00:18:27 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 27 Nov 2022 00:18:28 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 00:18:28 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 27-Nov-3021 00:18:28 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=37
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 00:18:28 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
set-cookie: JSESSIONID=node01s4ftb5vcrbuc9mpnxaj74few7694743.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01s4ftb5vcrbuc9mpnxaj74few; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 00:18:28 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 00:18:28 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 00:18:28 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2799402; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Sun, 27-Nov-2022 00:18:43 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669908_13896E710C2347D1B353B789EF340A3E; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=85891437; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2799402; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Sun, 27-Nov-2022 00:18:43 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2799402; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Sun, 27-Nov-2022 00:18:43 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 27 Nov 2022 00:18:28 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_13896E710C2347D1B353B789EF340A3E&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01s4ftb5vcrbuc9mpnxaj74few; uniattr=ST.0.T; uniattr_ref=; campaignId=2799402; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_13896E710C2347D1B353B789EF340A3E; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2799402; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 00:18:28 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 27 Nov 2022 00:18:28 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
200 OK 638 B IP
ASN #20940 Akamai International B.V.
Hash 7fbbde345541e30617e85c34ecfc595a
e610225d6a556410936e496fc763a72dca15b058
45e36cdd75fc3482317bbd0b5e83cef2462281cec8272f0beee5a91f75df5494
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Sun, 27 Nov 2022 00:18:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash 7d8726abc129a171336f2dd77bd5a744
70e44f661b5e92374fa76db71d09c0ce504ade53
58e8477c9460c09b96bd6ef1c62776cb8f14e26385a67fcb585234e5195cbc5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1468
Cache-Control: max-age=130376
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Etag: "63820160-118"
Expires: Mon, 28 Nov 2022 12:31:24 GMT
Last-Modified: Sat, 26 Nov 2022 12:06:56 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 06:32:03 GMT
expires: Thu, 23 Nov 2023 06:32:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 323185
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
200 OK 887 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
Hash 150c7ee1fd4dff4d0cee8389929aaa63
38c70aa5d64802f9ebb388ba475085f37fa853f5
5ffe27bff9aba78264ccc3e039fe112b0538a3a4cded54b4d16f0900efc8327b
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: 852e9d2a-a01e-0055-56f4-010289000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
200 OK 5.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
IP
Hash 668cff4c066129fc0d4d45361307ac7b
15d62abdc3b14897a90b7b5e4a860d6ca1db6acc
a5861c4976624c1987b8bbcfc52354ab7e0d09ac53ee79ebc78a70867484ba8e
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB10C7230"
x-ms-request-id: a90c6983-b01e-0076-27f5-01984a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: 7JHPP2BeVU5ANlt9sqHmUKzp7fn5DUZiWgTsgCd5ljWDlmUP0ZKYKAF2o05XV0hkjiMH8dFk4fc=
x-amz-request-id: 7A9QY3QV0HCY2BBV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 39856
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qaaFvOtPFjdcekSrCSv1MnLgLiK0elO50tCOHs93IQslDvEEktyP%2Bi3u9UeDzwS5D0M8mN8fKmKeaix7vJOzbdDfrhZW4JME3St9ov5HFY8XMj6IUOXtaekhwiETgObrsfNgpNCm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7706afd18e65719c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
200 OK 2.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
Hash e387abdf61bc11a41252734bb2701edb
66550bf43acd30d85ecf8f3721e7372eb1869402
c34192db91eaeacba289725ce888bf272293453752d943c3a58b63259f980ed1
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 45c00553-f01e-0067-4af5-0102fe000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
200 OK 105 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
Size 105 kB (105084 bytes)
Hash 086e6c051951ac06f0c1a29c0618b560
281781cb2c521abb89ef020dd64a1616358bb37a
d3abacfb4fc3bd1ef93d6737cdee1853f00e64ae5dbb828b9dd1012586cd2ba5
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: ff400923-f01e-0005-61f5-01c0d9000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
200 OK 17 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP
ASN #47171 Unibet Services Limited
Hash 209c60a82cb12bde779a3843986a48ee
b700b903e5f578aa06438694fd3ba91c255c2ece
21dc7673d2d524af425d2e9552ba2e351170f61871d9548920b30071b28a1d46
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
Hash 0985faa27ecff1b5e96336868daf0076
002b5ba691be5f00f8ac54665e8df66e30508679
a9003291993f99a291584fd9bf0bc5cd78f0f063b993878db4e6ea9e6cc52a77
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 1a6ef4ac-d01e-0002-2af5-01acba000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
200 OK 2.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
Hash 970e228a7bac6f0329de4fb83bb8baac
b0e20370da2f27df6734d44967623f820baaa12c
11ec7f8d2a2ada5c74199e53f39d514b1cd71bc994f43dea77e072d1dab98ca1
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 6ede5cda-701e-0079-62f4-01ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
200 OK 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
Hash e68203a44eece910755e5c27ffcbb442
768d56c4ec1d4091f5d041bd9d85e165f9ff942a
b7907e94f747d2968411fb62126bc3644902e1fba5e001e3d3aa7ef3716d1273
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: 6dc94268-601e-0038-24f4-01b6c2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:21 GMT
expires: Thu, 23 Nov 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 276247
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
200 OK 86 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
Hash 2ce3c1eabd7a7e7bbef0cda48aba6d91
14f8c52fb14d9d2971c3c84b9f1baeaee02f6aa1
5407034e31ecf7e307daa9f0ba874099ec4bc322f627b385ebe490da17940a9d
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 812a8410-101e-0050-11f4-01d052000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 1d9982c4a878719ddada7e301fb40eca
b088389e7b4dca42ef7391324d6ebc7fc7d8e796
64dbc2a8bcfd6e778293004e63430dc61138124ce7a82e564d9bde62e90b5a60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6088
Cache-Control: max-age=113396
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Etag: "6381ad01-1d7"
Expires: Mon, 28 Nov 2022 07:48:25 GMT
Last-Modified: Sat, 26 Nov 2022 06:06:57 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669508308783
200 OK 496 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669508308783
IP
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash da8a6cae9ed6ff6e02b9e5cff8c2b70d
86d910e19260b5e0404dcc9b7130909c3f5155a6
4096ed92f378a8cc60fb1ebabcefc2ee35f9c8412fa74d32abc7ac03caed8acc
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1669508308783 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-03da2f349.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=08192883703333059640874001401096398533; Max-Age=15552000; Expires=Fri, 26 May 2023 00:18:29 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 9G0GJ5K3Tfs=
Content-Length: 496
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 439c3ba16a7f60f5b239b725b755b0e4
dfaa9f7b54b700427e5805de2ead54172c0529cc
18a73b51463dd7223cc97591fa4c69e627b622bfa0c80fa296fb0b6b1707be31
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1687
Cache-Control: max-age=114389
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Etag: "6381c213-1d7"
Expires: Mon, 28 Nov 2022 08:04:58 GMT
Last-Modified: Sat, 26 Nov 2022 07:36:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=08152918274909270950878164898985024350&ts=1669508308977
200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=08152918274909270950878164898985024350&ts=1669508308977
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=08152918274909270950878164898985024350&ts=1669508308977 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sun, 27 Nov 2022 00:18:29 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 27 Nov 2022 00:18:29 GMT
DCS: dcs-prod-irl1-2-v045-0135a6b4d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Vempf3jcS1Y=
transfer-encoding: chunked
Connection: keep-alive
ocsp.digicert.com/
200 OK 280 B IP
Hash c409bd3e61028d1ee92cb2a72f0f74fa
acca9bd606e7ceedf20333d0be72c75dab12d10a
c57b5f222a014ef087b6bb563193960172ca82d944cff272dac605a7577c1f66
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4407
Cache-Control: max-age=126098
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Etag: "6381e530-118"
Expires: Mon, 28 Nov 2022 11:20:07 GMT
Last-Modified: Sat, 26 Nov 2022 10:06:40 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
200 OK 421 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19324%7CMCMID%7C08152918274909270950878164898985024350%7CMCAAMLH-1670113108%7C6%7CMCAAMB-1670113108%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669515508s%7CNONE%7CvVersion%7C4.4.0; sessionPageNumber=1; campaignId=2799402; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: image/x-icon
content-length: 421
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: "0x8DACBBCB155306D"
x-ms-request-id: 7bb76966-f01e-0058-2af5-01ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
200 OK 12 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
Hash 8fed90934beb39dcfc437f102842baef
e31db1919495290d8a7e9f66813e5c8f7fa80f71
b147253ac0780ef7a985691c457f4bc43cdf761336ca5b5cbe360f9ce2fc428b
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: d6e8564b-401e-003f-17f4-01daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
200 OK 1.8 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP
File type JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Hash 775ee2a63591384c061d5ffcc41ceeb6
b097425b0762684a106919f8c545aa60b5de5998
b3b440153941ceb0f40d89ffd748dd58ffbd93b4e4bcec0a7a8302247f7974ef
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: application/json
content-length: 1769
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 26 Nov 2022 22:47:05 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 5484
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd53eacb51d-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 00:18:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 66b138c4-9add-45ec-b780-556ff7157153
Set-Cookie: uuid2=5672169462433392185; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 00:18:29 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s42709309366587?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%200%3A18%3A29%200%200&mid=08152918274909270950878164898985024350&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A18%20AM%7CSunday&v6=12%3A18%20AM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669508309&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_13896E710C2347D1B353B789EF340A3E&v126=85891437&v127=37950&v134=1669508308&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s42709309366587?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%200%3A18%3A29%200%200&mid=08152918274909270950878164898985024350&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A18%20AM%7CSunday&v6=12%3A18%20AM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669508309&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_13896E710C2347D1B353B789EF340A3E&v126=85891437&v127=37950&v134=1669508308&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s42709309366587?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%200%3A18%3A29%200%200&mid=08152918274909270950878164898985024350&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_13896E710C2347D1B353B789EF340A3E%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A18%20AM%7CSunday&v6=12%3A18%20AM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669508309&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_13896E710C2347D1B353B789EF340A3E&v126=85891437&v127=37950&v134=1669508308&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 27 Nov 2022 00:18:29 GMT
expires: Sat, 26 Nov 2022 00:18:29 GMT
last-modified: Mon, 28 Nov 2022 00:18:29 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3585241795446046720-4619737462559940945
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 00:18:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: cc746bd4-6b47-440c-a264-5d6d5200fe07
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GU#tD.iG!]tbP6j2F-XstGt!@D@.$XRlI; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 00:18:29 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 111214
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd5bf02b51d-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d3a5b4edb3e666614bdc18634f9588f7
7562e9eefe1da0a93c457950466c805d60278ddd
e43bf5f136f59507ca4d69c5fe57cdda15f97a857ea7237093725bff3f246800
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=137223
Date: Sun, 27 Nov 2022 00:18:29 GMT
Etag: "63821c1d-1d7"
Expires: Mon, 28 Nov 2022 14:25:32 GMT
Last-Modified: Sat, 26 Nov 2022 14:01:01 GMT
Server: ECS (dcb/7FA4)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kwXrD_3ffmwfI-tqpPwORGKjbxBmBRS31y5c_P34X3S4WXZg9rfxJw==
Age: 1471
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463752
200 OK 144 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463752
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash acc4dc347195a453beb694d728cbddb4
5a64dc29867717a8c2d11cdc72b05a4c8fbfe1eb
99f69a211037c00d017adf9124d354c55b7cdd810a4a22dd774b18674be85566
GET /pages/data-scripts/0012/9242/sampling/welcome.unibet.com.json?t=463752 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: application/json
content-length: 144
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sat, 26 Nov 2022 23:15:25 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 3783
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd61f5cb51d-OSL
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=08192883703333059640874001401096398533
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=08192883703333059640874001401096398533
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=08192883703333059640874001401096398533 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 27 Nov 2022 00:18:29 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4Ks1QAAAGnYxANe; Domain=.everesttech.net; Expires=Mon, 27-Nov-2023 00:18:29 GMT; Path=/
everest_session_v2=Y4Ks1QAAAGnYxQNe; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4Ks1QAAAGnYxANe
Server: AMO-cookiemap/1.1
ocsp.digicert.com/
200 OK 279 B IP
Hash 745edf4df6fae2795d50d5a4641c7564
4bf8eeccc017ef4a70e387bce0be8371a5187eba
1cf96274e3a2a3a6f1b032fe93f1dcfaf7987b547cd40c5ba33d9d57aa76ae7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6426
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Last-Modified: Sat, 26 Nov 2022 22:31:23 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 745edf4df6fae2795d50d5a4641c7564
4bf8eeccc017ef4a70e387bce0be8371a5187eba
1cf96274e3a2a3a6f1b032fe93f1dcfaf7987b547cd40c5ba33d9d57aa76ae7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2556
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Last-Modified: Sat, 26 Nov 2022 23:35:53 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 745edf4df6fae2795d50d5a4641c7564
4bf8eeccc017ef4a70e387bce0be8371a5187eba
1cf96274e3a2a3a6f1b032fe93f1dcfaf7987b547cd40c5ba33d9d57aa76ae7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6426
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 00:18:29 GMT
Last-Modified: Sat, 26 Nov 2022 22:31:23 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
200 OK 1.9 kB URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0d3b25d24a9f39a3b7b2a4b8f815ee20
e37c0026de1ea9a4d5a9931d9a4260b91c310201
71fcfaaef0187e7ee4a219f0cacddcbeedcc3f1f6a03d1e970e0a3711513dbf6
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 432
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd68c65b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
pagestates-tracking.crazyegg.com/healthcheck
200 OK 19 B URL HTTP/2 pagestates-tracking.crazyegg.com/healthcheck
IP
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: pagestates-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Fri, 30 Sep 2022 16:18:54 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dn0Xx3VM3O3adf5cTBRfT1ILzg4FsLtJPeFoa91tSG1hotEvuJOWlg==
age: 4953576
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
200 OK 9.6 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 6103c9b2b11737970141cff3f414c1a7
95043d16e54482436c636979051c1cd3547932e7
b902cfe141a02c320e5b7d483d2d81c81a99d713a16e4e4dace17b353c6174d9
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 27 Nov 2022 00:18:29 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4Ks1QAAAGnYxANe
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4Ks1QAAAGnYxANe
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4Ks1QAAAGnYxANe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-07303b075.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: tj1bFxMHTfs=
Content-Length: 59
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 5d36531f0dca1b774f3cbf347dbe9a98
832b72b2b0cb847dac8b11ea054dd3e9c27369ac
5f8d0f529a03c035331f8eeb716b0e7d37eee79191208bdc2799ef0d34be4b03
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145038
Date: Sun, 27 Nov 2022 00:18:29 GMT
Etag: "63822b8c-1d7"
Expires: Mon, 28 Nov 2022 16:35:47 GMT
Last-Modified: Sat, 26 Nov 2022 15:06:52 GMT
Server: ECS (dcb/7F38)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: N9_X7-IfH0a8Ji7dcvENNG2BW_sgzniQiaaG6IKDjWJnTglDhA4-Sg==
Age: 5335
tracking.crazyegg.com/clock?t=1669508309527&tk=49f5480a39da8ce7e59e73633af4ed5a
200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1669508309527&tk=49f5480a39da8ce7e59e73633af4ed5a
IP
File type ASCII text, with no line terminators
Hash 3daa1f38623b20f7ca378640b01cb8cd
38cddda872428339e38261cbff299e5d3b501688
176ebad5ead299a2f729b353081cb7959ccd1d1e963a908111fabfd81b1b8ed9
GET /clock?t=1669508309527&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: 13306e7f-901e-004e-56f5-013c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.unibet.com/
200 OK 0 B IP
ASN #47171 Unibet Services Limited
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19324%7CMCMID%7C08152918274909270950878164898985024350%7CMCAAMLH-1670113108%7C6%7CMCAAMB-1670113108%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669515508s%7CNONE%7CvVersion%7C4.4.0; campaignId=2799402; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/html;charset=utf-8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Sun, 27 Nov 2022 00:19:04 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
set-cookie: clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?463752
200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?463752
IP
GET /pages/scripts/0012/9242.js?463752 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 26 Nov 2022 22:47:05 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5484
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd52ea4b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 2a5ad16a-001e-004c-57f5-018232000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: text/css
x-amz-id-2: bDlIamUY1QfJPc4QlUBnXFv1f1qQDGvTvEH6wm5EFeK9XBcJboUVX25kNqwZs6Ih/vyIsNf6eIM=
x-amz-request-id: 39MR148XF08XCMJM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 39924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SpvgrhBsSyIkAaG%2FQThdWx3pohuVTmGXRrgiSi6nxv%2FdFd5DW4M47ZgFYAsHVpXnXH2QRGl9FYeRVaZwJGi%2FASSRR5HV2tK95aZSjgZD%2F1slE%2FMf322qcxgBVjzcJqtRI5RXTTBc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7706afd0ad86719c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700&display=swap&ver=1.1.2
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700&display=swap&ver=1.1.2
IP
GET /css?family=Lato%3A300%2C400%2C700&display=swap&ver=1.1.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mundo-do-nando.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 00:18:23 GMT
date: Sun, 27 Nov 2022 00:18:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 24cd1176-601e-0007-19f4-017e61000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sat, 26 Nov 2022 22:47:05 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5484
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd51e7db51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: ec202e46-701e-0034-2e7c-0121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 00:18:28 GMT
date: Sun, 27 Nov 2022 00:18:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:29 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 411
vary: Accept-Encoding
server: cloudflare
cf-ray: 7706afd67c48b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_13896E710C2347D1B353B789EF340A3E&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669508308062)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127018%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228474241166%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 00:18:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: dfca03ce-c01e-0031-1df4-01f311000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
192.185.210.173
15.236.176.210
104.18.32.68
23.36.79.25
3.248.121.63
85.184.96.0
185.89.210.20
93.184.220.29
104.40.147.180