worldcapacity.blogspot.com/
172.217.21.161 59 kB URL worldcapacity.blogspot.com/
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (474)
Hash 0f5f34a3e4ed57fda2c92f8646c92191
caf291da1da3e0a011f9ab78e3495a313b1ff0e4
fac05f87ad4cd192bf6cab5775411b8d73202185e6e7af0cd1d0c9b7b262a4a5
GET / HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Tue, 05 Dec 2023 11:51:47 GMT
date: Tue, 05 Dec 2023 11:51:47 GMT
cache-control: private, max-age=0
last-modified: Tue, 05 Dec 2023 11:34:36 GMT
etag: W/"131d38c04e127236d3ce91bc08674e583da8cd17c531c2c67ef2b07e66611242"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 58902
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
worldcapacity.blogspot.com/js/cookienotice.js
172.217.21.161 2.0 kB URL worldcapacity.blogspot.com/js/cookienotice.js
IP 172.217.21.161:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 05:48:48 GMT
expires: Tue, 12 Dec 2023 05:48:48 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 20:05:01 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 21780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
104.17.24.14 19 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (52276)
Hash 5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: text/css; charset=utf-8
content-length: 18778
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64cac444-495a"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1061039
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RmTh212rZxMujz%2BFDVWLgZj5D%2BcErEmMXK5vjB6AggumCPj42C8PoqaubvfeR5Zdxbs5spuS0ZvJ38PQ6Dcn4KzV5MBD44J8J8RimiJow5k9WDPkx9mpYNGVcu6ckxbiwbF4hIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c144e9b4bb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.74 34 kB URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:14:46 GMT
expires: Fri, 29 Nov 2024 05:14:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 455822
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3754116945-widgets.js
216.58.207.233 59 kB URL www.blogger.com/static/v1/widgets/3754116945-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2258)
Hash 0f3580b0033bbd151cdb647634be7404
4d8508ef28b0e50fa8c28ccaeb1f2a6855a75bdc
38d944d88c98612f76ed693afb143f1c032ca27ba56ec46a6714ab3dc511f974
GET /static/v1/widgets/3754116945-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:26:52 GMT
expires: Wed, 04 Dec 2024 07:26:52 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 23:28:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 15896
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4.bp.blogspot.com/-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png
142.250.74.161 3.7 kB URL 4.bp.blogspot.com/-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png
IP 142.250.74.161:0
File type PNG image data, 680 x 349, 8-bit/color RGB, non-interlaced\012- data
Hash 6b640c8cb090eea4724a53b0c320b08f
92d00a5cdd667c0157a40e442cc9dd1485cdb290
fd7739e2674c5fe13e0a51140a51189b82c5bbaf087c18a04d30b62fad9648a8
GET /-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="nth.png"
x-content-type-options: nosniff
server: fife
content-length: 3725
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:28:23 GMT
expires: Wed, 06 Dec 2023 11:28:23 GMT
cache-control: public, max-age=86400, no-transform
age: 1405
etag: "v76c"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
104.17.24.14 110 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
IP 104.17.24.14:0
File type Web Open Font Format (Version 2), TrueType, length 109808, version 772.1280\012- data
Size 110 kB (109808 bytes)
Hash 005c9aa92b564b73b7582cc4f1fa49cb
373361ed756b1fe68ce2f5968d467826b6973bb5
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1
GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 109808
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-1acf0"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1157478
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XiL3n%2Fl5jxan8HQDuUrqtsnna6Ikiptvk494w%2BHUWdNzPhU64SLDzPaO4wFR8Oi5SUGS%2FMLmr9aRrnYhQ66glFcq%2BPVM4pZfTbrqShNNj7puEoZASsYEnGP8XDbu0yGw9xGaYnnf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c14501c55b500-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
104.17.24.14 150 kB URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
IP 104.17.24.14:0
File type Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280\012- data
Size 150 kB (150020 bytes)
Hash d5e647388e2415268b700d3df2e30a0d
97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-24a04"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1060871
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLXZ0nsYrzNNhfwndbht74malld37Oe2dt0GJ6zCHFbDYYbHD2s6PZXuFtBgN54XSJ7TH5SDUoA4y0wM0nC2FEQbPX6PTkhlMsTLdgTJ0cojXdt2BhMQ66uXJnsgog8SmavgJADp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c14501c56b500-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.163 7.9 kB URL fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:07 GMT
expires: Fri, 29 Nov 2024 05:00:07 GMT
cache-control: public, max-age=31536000
age: 456701
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
142.250.74.163 36 kB URL fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Hash 78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.163 7.8 kB URL fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 01:53:03 GMT
expires: Wed, 04 Dec 2024 01:53:03 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 35925
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.163 7.7 kB URL fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:13:52 GMT
expires: Fri, 29 Nov 2024 05:13:52 GMT
cache-control: public, max-age=31536000
age: 455876
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
142.250.74.163 36 kB URL fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Hash 78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg
142.250.74.97 3.7 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash b954e82ab2c9eaeeee4d45674b52e2b5
8268d6bdf9ab40c44e82792934d532cc66d19667
b2ae9354d0d3026f61983fede79a93c7a9590034c675f59d709951ac700e5f02
GET /img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v4"
expires: Wed, 06 Dec 2023 11:51:48 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="images.jpg"
x-content-type-options: nosniff
date: Tue, 05 Dec 2023 11:51:48 GMT
server: fife
content-length: 3688
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190
142.250.74.97 7.1 kB URL blogger.googleusercontent.com/img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 190x48, components 3\012- data
Hash cc7e313ec0b044b17873e63ed8878e5a
057468feaf147fe79a61bc8290abf8534f92714d
979602f79544aa8982f2782bfec796cec4304d222058b970ba2029065c437929
GET /img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v336c"
expires: Wed, 06 Dec 2023 11:51:48 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="logo_kailas.jpg"
x-content-type-options: nosniff
date: Tue, 05 Dec 2023 11:51:48 GMT
server: fife
content-length: 7118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash 3b517423a8d20e6e8fc9547a3c4ec7ac
14c328058f7a51d1fbfda9ffc65f47b2a2d5719a
0e4111eb31f2796b4e0126f18dda173d5db2645a4b7eeef319bbac0da62a188e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f067e4e6a7216bf3811987f66f6e285e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
worldcapacity.blogspot.com/responsive/sprite_v1_6.css.svg
172.217.21.161 2.2 kB URL worldcapacity.blogspot.com/responsive/sprite_v1_6.css.svg
IP 172.217.21.161:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7657)
Hash d4dcfc8144f556815c7a1d84ed4e959e
22088bd6cdf970dcf7bfab9a74a4768548ca8890
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 05:48:48 GMT
expires: Tue, 12 Dec 2023 05:48:48 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 20:05:01 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 21781
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
142.250.74.163 36 kB URL fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Hash 78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25140
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pl21653577.toprevenuegate.com/0917d030d0012f74940d9e988c4444e7/invoke.js
173.233.137.36 9.3 kB URL pl21653577.toprevenuegate.com/0917d030d0012f74940d9e988c4444e7/invoke.js
IP 173.233.137.36:0
File type Unicode text, UTF-8 text, with very long lines (25099), with no line terminators
Hash c3e54ca206290fd527e38b87926a8db8
20f7205a834fd30ebab049140914ae53d068ca3a
621e9382e3051d506e537b4d1cdef2c4caf747e88defafd7137a044b450c7ed5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /0917d030d0012f74940d9e988c4444e7/invoke.js HTTP/1.1
Host: pl21653577.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8b9f2e81d6f7bcec019bbe7fc307b28
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash f344f43b1fd0a412dcc3f12bfcc9b524
935ca3bff002cd25d3104c674194958b36042ef2
0b666f07dece12824c59fbb4e58e92ebd73869f75e01b18b1ee9763a2f81ad31
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://worldcapacity.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Fri, 02 Dec 2033 11:51:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29622), with no line terminators
Hash 63d335d0b8f6469f8d63d2486bb1b1ad
edd045f6126a890593de73d7e43dff1c2d9e5308
46e719563c89339802f7017778c7d8a0a8d24cf4f3c4d4d4a64871991a49931c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d523102ceb3f6cbb65fb65fc0eb534e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29625), with no line terminators
Hash 9ad37d49fe99f3bb2f04d1435fc6a824
e686e39fab9d3960b942e8ff2d742513c9384528
0837e3a346124fcc8112664ddb3b8089dbe5b858fed473807bcc0069daecff8c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11580f11522c707061c7427d024a6979
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29604), with no line terminators
Hash fd97f2b0aec92b4bd2736e0f14564067
260452c8ee6d80dd1ccb96bf7fbe31188902d4da
de39398a435ded1da029a6d3e9b4cb307ecb6ed5bd7f8482dcd51befa39774dd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c4b1fcc8523f29b0d8d5f0e5b80951c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
192.243.61.225 0 B URL whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: whileinferioryourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da0a48ca5650577395da7188e65c4395
Strict-Transport-Security: max-age=0; includeSubdomains
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29625), with no line terminators
Hash 9ad37d49fe99f3bb2f04d1435fc6a824
e686e39fab9d3960b942e8ff2d742513c9384528
0837e3a346124fcc8112664ddb3b8089dbe5b858fed473807bcc0069daecff8c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a6c2f946523cdc8287e1d28fbf003f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
192.243.59.12 0 B URL traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=f32b4173ffb93dfbf4dfd23c46a0829c2504030a038c1e0fb58144b8741f52f3ea8a620f733508a2770978d904f90f00cfcb33a261f0453750c645662a1cb0a0de5a957c94b0877713d4a9bab18609a0a40dfbdf728eb7fa2c348aec65&pst=1701777170&rmtc=t
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b63b0e528a111482781276e1a3a5711e
Strict-Transport-Security: max-age=0; includeSubdomains
whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t
192.243.61.225 643 B URL whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash c29591c8292240497ef7f3f4cb62e12b
9c960b3810d498d633bce054bcf5185450e92083
42e02545394192d986fcf6fd3a4773c9eb0951dd538e575743ddfad54cd288b6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t HTTP/1.1
Host: whileinferioryourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
Referer: https://worldcapacity.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
iprc3dd831b45a7a44f101d9ca7449dde3d5=2717343; expires=Wed, 06 Dec 2023 13:51:50 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16b6c5fa0fe5ae8e2f7ca031f5793f61
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
173.233.137.60 11 kB URL www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Hash 7694578f90a0016056e67ca3f7d42383
3955c62acfcabc57dc0d73111009220043e6de87
07f3db591fcf673e703b4f9832250504f47a49dfb81a8a1eed033e0dd3e6b31c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef422ffd85f03f1c7d88728efc95db82
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
173.233.137.60 1.4 kB URL couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (680)
Hash 8d85d59c80443f36aa8bef6ebee438ca
05f7299dc5ab08dbfe1f382fd18c1bf80e320a47
a895f1f406149d4ed5da77ecf453073f288da82a60987b16d3676aa6d896abc0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: couldobliterate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 717ed3b8747d3e3437105191647a075c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
173.233.137.60 1.4 kB URL traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (676)
Hash 2d5f0e4d4f3f53a28a704b2974376c55
be90761f4f8b52c2dae8042436a64445b263ef92
5017b9c4120430fe6b561ef41b1ea919957d9570a7ca937aed10b1c478cf206b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20vIiwiYXIiOltdfX0.CtfaWzSPploclPxlieb7qYAgLZeTVQMjNkLIDkRVBp8; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 711b6e584946b3a742f8bf3b9b70d336
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
192.243.59.12 1.4 kB URL attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (672)
Hash a96f1c775d9bc532c9683507354106cf
c0c6c4c77a7e3fbdeb57bde137638a75a3b207b1
6415f85cc4d04bca784f0e2a5588974dc4bb024776585ee41a366c35b261e539
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5875a70e76973bcb6390a69075d0439e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
192.243.59.12 1.4 kB URL attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (668)
Hash d3dc184824b8c4f5865853cc8919e321
6404ee4a8c760fb254666f2111805a52d6824fc8
69e4cfed50df4e2335662dcb0e07aa963c8c8fdf1f1b46d9aaa223c4d2de5b88
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 242e5d0e80873aba299e950c73b0c21f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
manuretravelingaroma.com/pixel/nvrwe?error=timeout
192.243.59.20 0 B URL manuretravelingaroma.com/pixel/nvrwe?error=timeout
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/nvrwe?error=timeout HTTP/1.1
Host: manuretravelingaroma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
couldobliterate.com/api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
173.233.137.60 1.9 kB URL couldobliterate.com/api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2582)
Hash 91bbd96edb6bcf044e2190bfacf70edd
69aee4db08c805f485db868731f547419742a88b
39e183d1c7c25ec49418295cd6b620e7594014f3b01ca11df17b916bd892bb8a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: couldobliterate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1289c48ea79a5a4bd192ecaca6af3f7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
traumatizedenied.com/api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
173.233.137.60 1.8 kB URL traumatizedenied.com/api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP 173.233.137.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2531)
Hash 0663b1d29e03ebea75ddf8c481937522
ef077775cda05e5c3416a6178a3b8425cc22d3db
70ad56cc5add3de24ee6d1627f554a3446e21d95b64f33347c8141ac580bf554
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20vIiwiYXIiOltdfX0.CtfaWzSPploclPxlieb7qYAgLZeTVQMjNkLIDkRVBp8; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88f12730b947b0ff966dc0f1379441a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854
192.243.61.227 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (492)
Hash 254c12bb6cbef106f1743848bf652230
fb8017668862a37c358b788ec45f6cf101604bac
4034dbd37f738146636fc5505efecbc65b5316b5438fb033cad4d042dd1f66c0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Wed, 06 Dec 2023 11:51:51 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjE1NTI4NTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.BgpsqlC6ofESwsrlscMo195jqbsU2DsuzcCufaYJJOA; expires=Tue, 05 Dec 2023 11:52:51 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8c29d558bfb7036e86dd6ce2f36a6e5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
attendancereporterwren.com/api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
192.243.59.12 1.8 kB URL attendancereporterwren.com/api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2541)
Hash 55e43f0b3a20df9ad3fb6a06518a9419
01b8d81e530f920f7856cd3c23afbc7d14567f18
db4ce3d9438751ba9da214bb606bc231d0a30397e6d9ed943b63bfb0b69bd604
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ed2714cd3a7e5faf87669b1f861b7b1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
attendancereporterwren.com/api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
192.243.59.12 1.8 kB URL attendancereporterwren.com/api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2548)
Hash 96b11a3863bf9170399b562149c7228e
9e2c993a68dab6c44df53250a8f29e54e77eeda9
cd960ccdf8d1c6fd1dfc1f7c3bb8439c6c412bff42e962a617eaa24a0c857a31
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6db3e2db23e5f5150a408640cf862706
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false
192.243.59.20302 Found 0 B URL User Request GET HTTP/1.1 conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjectconqueredallrightswell.com
Fingerprint9E:C2:75:0A:08:52:CB:97:0C:C6:54:67:5E:6F:7F:C9:D8:00:28:1C
ValidityTue, 14 Nov 2023 16:14:39 GMT - Mon, 12 Feb 2024 16:14:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjE1NTI4NTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.BgpsqlC6ofESwsrlscMo195jqbsU2DsuzcCufaYJJOA; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:52 GMT
uncs=1; expires=Wed, 06 Dec 2023 11:51:52 GMT
pdhtkv28=true; expires=Wed, 06 Dec 2023 11:51:52 GMT
uncs28=1; expires=Wed, 06 Dec 2023 11:51:52 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f0512dcb204ea7fa90ea9e4d4a7f595
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
13.107.246.53307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; domain=.unibet.com; expires=Thu, 05-Dec-3022 11:51:53 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 02Q5vZQAAAAAZ53QUExCPTp2kx2b3WEQ6U1ZHMjBFREdFMDUwOAAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Tue, 05 Dec 2023 11:51:52 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
85.184.96.28301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node0120ohjsd0t6h5pqa9cgqfl9o341782.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
uniattr_ref="https://conqueredallrightswell.com/"; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affiliateId=1; Path=/; Domain=.unibet.com; Secure
B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; Path=/; Domain=.unibet.com; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BID=37950; Path=/; Domain=.unibet.com; Secure
PID=68246908; Path=/; Domain=.unibet.com; Secure
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; Path=/; Domain=.unibet.com; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.com; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://conqueredallrightswell.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Tue, 05 Dec 2023 11:51:53 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
85.184.96.28301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Tue, 05 Dec 2023 11:51:53 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
172.64.144.152302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c147268b256b5-OSL
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:26:55 GMT
expires: Wed, 04 Dec 2024 11:26:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 1498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
172.217.21.170200 OK 39 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 172.217.21.170:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Unicode text, UTF-8 text, with very long lines (24756), with CRLF, LF line terminators
Hash 009109eae452115ba323978943db2c3f
615ff6c1e915aab65f0367facec07bbb6e4f0b9e
d4ce844aba111e91f026f3eec9792a8bdd0f65df79b5c879c2d6d77ff38fe5e8
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 11:51:54 GMT
date: Tue, 05 Dec 2023 11:51:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
172.64.144.152200 OK 115 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
IP 172.64.144.152:443
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size 115 kB (114731 bytes)
Hash 698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: text/html; charset=utf-8
cf-ray: 830c14702e3756b5-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 168849aa-301e-0047-3571-277959000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
172.64.144.152200 OK 71 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1473b9ed56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 359294
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
172.64.144.152200 OK 21 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cf-ray: 830c147268b456b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538916
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.140.13200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.140.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 535415
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFKJgvfZEkyNTcbRDxHmemJupII1u4fGhuzIxJ0wcexrLyBsHY7Jauw57DiPteImSQySGd2UbET%2F%2Fc9ikyvzOXl5Kk94FUH86CzUKJ7UkpyYX4SVDyGhh7Mdf9Rb1aot%2BSAFnxU0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830c1474abb9772c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 43731
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.163200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.163:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:31 GMT
expires: Fri, 29 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 456383
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 17 kB URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 209c60a82cb12bde779a3843986a48ee
b700b903e5f578aa06438694fd3ba91c255c2ece
21dc7673d2d524af425d2e9552ba2e351170f61871d9548920b30071b28a1d46
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4694), with no line terminators
Hash 6da85e5cdf0e4437fd98fd79cb2c2843
fc49c728348c8bdb8182e4b61ffe990af8a1d935
107b420a81c845bd10c95c525f57d4395f9a1309bb604f7a0f532e62dd41afa6
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 05 Dec 2023 11:51:54 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
content-length: 4706
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
172.64.144.152200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c147268b056b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 360211
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
172.64.144.152200 OK 966 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Hash 60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cf-ray: 830c147268af56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 468847
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
172.64.144.152200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 830c14748ad056b5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 466607
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28200 OK 0 B IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/html;charset=utf-8
x-request-id: 4e12e08920079d5a1f4d31ae815b3554
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 11:52:07 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.48.126200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 395
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec56569c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
172.64.144.152200 OK 13 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472386356b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 460988
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 192 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Size 192 kB (192188 bytes)
Hash b0b4175cf14760a93648ab9e369691d7
d3b79412060af66ad5bd72ea25369c32b3ae660d
b9911b8bf9f2f33346cf4c46a52ca05130755b370396d5fd93a6390a4629c7f8
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 11:51:54 GMT
expires: Tue, 05 Dec 2023 11:51:54 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:53:07 GMT
expires: Fri, 29 Nov 2024 04:53:07 GMT
cache-control: public, max-age=31536000
age: 457127
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
172.64.144.152200 OK 22 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: text/css; charset=utf-8
cf-ray: 830c1472184056b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 453833
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
172.64.144.152200 OK 5.4 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text, with very long lines (5609), with no line terminators
Hash 41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1472284d56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 370502
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
172.64.144.152200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385856b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 545265
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
172.64.144.152200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/x-icon
cf-ray: 830c14757bdc56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538770
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
172.64.144.152200 OK 5.9 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (6078), with no line terminators
Hash f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript
cf-ray: 830c1472285556b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 466701
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28200 OK 0 B IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/html;charset=utf-8
x-request-id: 4e12e08920079d5a1f4d31ae815b3554
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 11:52:07 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.48.126200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 327
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec50569c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
172.64.144.152200 OK 807 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Hash f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385b56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538840
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
172.64.144.152200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Hash e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472588f56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 456685
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.48.126200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 524
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec5a569c-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
172.64.144.152200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385e56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 373160
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
172.64.144.152200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 830c14745a6c56b5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 367959
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=BLP.1.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 14:00:57 GMT
vary: Accept-Encoding
etag: W/"656ddb99-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.140.13200 OK 54 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.140.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2332135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Ic8FDH%2BzAPlrvtDRcevV1hN0q8ustwz4nhytJVfUKRsUS5XbtKaaBsi%2FVBhrzIKIldIn1i%2F4vpgsqARz0rAj8oiG1Vy2N9OqvUQlnAHrYjWlpgFDCQOlmWnFRYYW0WPSChoLXDd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830c1472f9ea772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
172.64.144.152200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c147268ac56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 465224
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
172.64.144.152200 OK 4.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Hash cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1472184256b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 275955
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2