Report - recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU

Report Overview

Visited public
2023-12-05 15:05:16
Tags
URL
recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Finishing URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Unibet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eu.can-get-so.me	unknown	2022-05-19	2022-05-24 07:08:11	2023-12-04 19:30:43	582 B	717 B	157.90.33.74
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-05 07:37:50	453 B	17 kB	172.217.21.170
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-05 06:24:59	437 B	193 kB	142.250.74.104
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-05 06:14:20	3.2 kB	206 kB	216.58.207.227
oodrampi.com	245552	2021-11-24	2021-11-25 03:49:07	2023-12-03 11:24:36	2.6 kB	99 kB	139.45.197.239
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-05 05:52:37	535 B	678 B	139.45.195.8
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-05 05:14:35	1.0 kB	186 kB	172.64.141.13
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-05 07:50:07	1.3 kB	2.5 kB	85.184.96.5
bannerflow-feed-builder.azurewebsites.net	659103	2012-01-24	2017-11-23 14:27:15	2023-12-04 14:27:52	606 B	5.5 kB	104.40.147.180
mdakky.com	unknown	2023-10-12	2023-10-13 10:25:55	2023-12-04 19:41:24	1.1 kB	368 B	185.162.85.3
34.102.137.201	unknown	unknown	2023-04-14 11:45:02	2023-04-14 11:45:02	576 B	227 B	34.102.137.201
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-04 05:11:06	1.3 kB	1.7 kB	85.184.96.5
video-clickr.com	unknown	2023-09-07	2023-09-07 17:42:01	2023-12-03 11:24:35	1.5 kB	1.3 kB	144.76.181.26
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-04 04:40:05	549 B	1.4 kB	13.107.213.53
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-04 18:12:03	6.6 kB	82 kB	85.184.96.28
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-04 14:27:51	30 kB	290 kB	172.64.144.152
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-05 08:15:49	445 B	31 kB	142.250.74.42
recetasplus.com	unknown	unknown	No data	No data	5.5 kB	1.3 MB	188.114.96.1
3jashd11.monster	unknown	2023-08-18	2023-08-18 17:52:01	2023-12-03 05:14:47	563 B	680 B	188.72.236.39
track.wbdpnz.com	unknown	2022-05-27	2022-06-01 12:56:18	2023-12-04 11:41:47	777 B	898 B	18.158.88.249
ecrwqu.com	577459	2021-11-09	2021-11-09 21:59:02	2023-12-04 05:35:27	1.1 kB	1.7 kB	185.162.85.1
onekoh.com	unknown	2023-10-31	2019-08-29 22:56:59	2023-12-04 05:35:27	4.2 kB	39 kB	185.162.87.220
cdn.bannerflow.com	23819	2008-06-03	2018-02-22 13:57:21	2023-12-05 07:50:09	1.5 kB	33 kB	104.16.64.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 15:05:06	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .icu Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	onekoh.com	Sinkholed
2023-12-05	medium	oodrampi.com	Sinkholed
2023-12-05	medium	oodrampi.com	Sinkholed
2023-12-05	medium	oodrampi.com	Sinkholed
2023-12-05	medium	34.102.137.201	Sinkholed
2023-12-05	medium	oodrampi.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	welcome.unibet.com/widget/betslip/betslip.js	ScriptElement	15 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5796 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:40 Times Seen57426 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	welcome.unibet.com/custom.js	ScriptElement	5.9 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/custom.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5794 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.28 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js	ScriptElement	4.5 kB	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5795 Hash 04fc48de78cbfc5d1557e9df399c7733 e1bf77a4fef1943b0eab404c4abbe9477cb373e0 4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	ScriptElement	5.4 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5792 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	307 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5790 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	ScriptElement	1.8 kB	2023-03-07	2025-02-02
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen4745 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	295 B	2023-09-13	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-13 20:26 Last Seen2024-08-21 06:57 Times Seen5369 Hash c19afddc1697308e0ef68fc2225c7f22 c77de15393ad1ee1d0d49afd6cc7c1cdefa9a5b4 7d80f28d2d8c0b322d667bc27797d7e01c2e90fa2a7d1025db04252d5b83f202 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	218 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 06:57 Times Seen5369 Hash 91824c153a2424389807187ea41b9137 0ac7bf21044c90de1568152896efb9466c90b412 74abc0c84e63335fab7da57b01856b457f332b55d1ae539baadb180b13be726c Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 16:05 Last Seen2023-12-05 22:46 Times Seen2 Hash 5d129a88c2dfc285991ecb31295edb81 f165eac1c9669f3adc6d3ba369e0780a7b1177dd 3f1ed32027ee04cea89f93c58600f733d28998d6263de49d150c37309a4e440c Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	92 B	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5784 Hash 7f0f3c1a6218ba26e0a2303513a4b789 a8d06c9a0d0b367220509b18213f6b102f4b4fc0 faffe243fd7f581af68fd7dafdf86ff1e5c0824831f03d5758cb309da65fddda Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988	ScriptElement	364 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5771 Hash b7207d294237fb810195b41fdd3cac28 ff7ef257957cbc2074fa5814177bb7cbbac44eb2 12f39122cef3c11903118c0f4769199ddc1e0e5ba13d7dbe8373e5c77391baf5 Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

		Size	First Seen	Last Seen
	#1 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (75)

URL IP Response Size

recetasplus.com/images/education-online-books.png

188.114.96.1

310 kB

URL
recetasplus.com/images/education-online-books.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced\012- data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QudRMadszYZm42iYrhWN2Vq3MRnJEoMERpDjq%2FnlLiRrpc8vVYKI0%2FMsFFSy6IBpsLJohwv%2BV4cMYB3w4Intsh66yFyQt5HCAs9csbF0PaDhNefMSc8%2FZbngl6Q9eU6N6Uo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43faa456b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg

188.114.96.1

24 kB

URL
recetasplus.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
24 kB (24232 bytes)
Hash
2b00b22d0fc9400405e0a93d2c32581d
9ccb0bcdab3c25027740217df2a64ee2dc18ec93
1b5d07b73321be8f54ea2281e6f6520f4d730df706676895c99d7e988cb96ffc

HTTP Headers

GET /images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 24232
last-modified: Tue, 15 Mar 2022 07:33:50 GMT
etag: "5ea8-5da3cd16c9380"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GxrM%2FAUgzc47u0zJ%2BK86P%2B6eeTB70m39oCEkqd57GTdu58ymMdWH5WGBNpLGBhCnBSEAdq%2F4NJV1J5%2B1BVpMfhAQIoWVSolQaaIxNTZywTaJVprOL6neRmKypbYqprfeIOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43faa756b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/avatar/portrait-young-redhead-bearded-male.jpg

188.114.96.1

26 kB

URL
recetasplus.com/images/avatar/portrait-young-redhead-bearded-male.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
26 kB (25921 bytes)
Hash
71e947fcdeaa5cf2a2a5dfb28e4921ec
cfa6b029f4437f5687bcd64227597584c47b7ab7
c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122

HTTP Headers

GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 10:21:33 GMT
etag: "6541-5da3f2939c540"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1467
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl4GlSMk%2FCJWBpu934P799Nqxom2dBYPopxkoZSM9JKN%2BlFS9aXLHzj6uuh7TY%2Fkm2EiaUWyDLbYmlUJO8F3yGm6%2B81H4BNXriWcQzMdRZI%2FgM%2BYOY1Q82yVp%2BRawT5CmpA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43faaa56b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/avatar/pretty-blonde-woman.jpg

188.114.96.1

30 kB

URL
recetasplus.com/images/avatar/pretty-blonde-woman.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1464
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNpBGOct%2BVDI1DcOUJUDU8CgmweJA2j8AmS%2FL33R2%2BOzpjHRTWFdRIwf7guZm%2BEpI9Y4ruxgZd2G7V4J53ja2CzDaCqlBZE1f60jYTyjjybQm7bETzM7STT3u11F22%2BZHzM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43faac56b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

188.114.96.1

26 kB

URL
recetasplus.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3\012- data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LyPcP8jXKLCaSQWvO0L4lVEscXwws4MchLOFU3NUdYh6gFyMMsh%2BH5063JOAmvszMVcrBQ1JQqIrVUeCZOlzElLj7TSX5JyjLsvoCAWzB4uxQo07W4zSaYSnfnUjbEDYYjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43faad56b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/tablet-screen-contents.jpg

188.114.96.1

220 kB

URL
recetasplus.com/images/tablet-screen-contents.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1836x1280, components 3\012- data
Size
220 kB (219556 bytes)
Hash
7cf6f9cbec501581b78c4c8e82f8b20d
c9bbda23f7cd24eca42a77a6961745abdbdc6c73
d70adc38af1c7c886564b0c2de6eeccb8e3ada43b4e4c9ae365a9491ac8a54a1

HTTP Headers

GET /images/tablet-screen-contents.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 219556
last-modified: Mon, 02 Jan 2023 03:08:26 GMT
etag: "359a4-5f13f43c87e80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4o0UF4rBJsSjc%2FF2FEYBz6C1GnaDWJU2u7q15WLlj3EwTxFVV8e%2FgJy1Dm1s4eD6jimpU8tdOp5UXuR0nQUrecb5a%2F22J9kx8xf%2Bnn7pJxJVIW10QYD39Pj9%2BgmhRLYgnTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f43fab256b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg

188.114.96.1

246 kB

URL
recetasplus.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1200x800, components 3\012- data
Size
246 kB (245913 bytes)
Hash
c2145d3454a8746683132d9e811983f1
8370e814fdff455fa198d7acb0842ef4f99e5911
0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4

HTTP Headers

GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 03:10:16 GMT
etag: "3c099-5f13f4a56f600"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFFPOelQFYdS%2FwbfJTmMKM9e54BncDLLwDTg1wQ4YCcG3T4DQk0NX%2B5CH8U9M3b2SKc3t5JiQYC6NwovqOoJR8GE0mGoHNzU%2B6OaITQO9nfMUgm%2FTWT9O5p3dxY1eCCVJz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f440abc56b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/images/businessman-sitting-by-table-cafe.jpg

188.114.96.1

271 kB

URL
recetasplus.com/images/businessman-sitting-by-table-cafe.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3\012- data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/hysj_gaming_mouse_download.zip?c=ANk7b2X8RQUAnVkCAFFBGQAMAAAAAADU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16B0GNM7II3jw%2BPuZuKZpicaoGdo0FTTWI2VDfggc9cHaCWHBU1DJpEpxKAKQhijkc7C0lVYZFle%2BM10VgNh8eJY5WNytHnFgRAMUM5YRvWbwjbaUHhTviIkj43Le55Zsek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f440abf56b1-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0\012- data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://recetasplus.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 20:44:24 GMT
expires: Tue, 03 Dec 2024 20:44:24 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 66034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0\012- data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://recetasplus.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 20:44:24 GMT
expires: Tue, 03 Dec 2024 20:44:24 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 66034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0\012- data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://recetasplus.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 20:44:24 GMT
expires: Tue, 03 Dec 2024 20:44:24 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 66034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

recetasplus.com/images/circle-scatter-haikei.png

188.114.96.1

28 kB

URL
recetasplus.com/images/circle-scatter-haikei.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (27975 bytes)
Hash
00fa544a8f7b68ecd2fa2269a8b29baf
f95d1fba2ca79d9eb64003c72b6d4124284b8006
6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61

HTTP Headers

GET /images/circle-scatter-haikei.png HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 02:34:34 GMT
etag: "6d47-5f13ecaaaa280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcVM9QNBfTfrynGFRK%2FZt21qv%2BdWxviyRQ4lxf%2FrrnjV15Og3H1my7ryr9n2px2vXi%2BoPeyCxIkriA7XQrWhj8mheSizZ7w0BFzCWrFrMjJAFrgVxBJ%2FlJCNZbdEpQ0nBxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f45ac8256b1-OSL
alt-svc: h3=":443"; ma=86400

recetasplus.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf

188.114.96.1

112 kB

URL
recetasplus.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 112440, version 1.0\012- data
Size
112 kB (112440 bytes)
Hash
31e1300d419245fd27614630601dc74d
3a284b0618771f29da8eb6be900e99439253dce0
c69bf1ccae5f13b5aa4345dcfeb209a8148ad0bfa1e0678b93792aae0429c764

HTTP Headers

GET /fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf HTTP/1.1
Host: recetasplus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/css/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 15:04:58 GMT
content-type: font/woff2
content-length: 112440
last-modified: Sat, 16 Jul 2022 23:30:40 GMT
etag: "1b738-5e3f485cec800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evuAVRta5Xg08x75ykwrZuuJCImT7Wk8p3H2Ijg9GaOPuxoYmWYvzGVH1g1EC656SmKfNMEiW3dVPSqIdxPgaR3GCbWYnDocLlh9E4N6992CjnVbdoMYKMhDN2uvWZI%2B%2FGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f45bc8956b1-OSL
alt-svc: h3=":443"; ma=86400

3jashd11.monster/z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06

188.72.236.39

178 B

URL
3jashd11.monster/z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06
IP
188.72.236.39:0
ASN
#35415 Webzilla B.V.

File type
HTML document, ASCII text
Size
178 B (178 bytes)
Hash
9d8ca671aea369a5a8bd7202193b6bcc
2a645e57489341ff80eda5fa9bea139e68fbdd68
a12ef012a1669a087b7b7de3d419bfb79af57eb8951e95affc353e43cf0f2f9a

HTTP Headers

GET /z2rFQ0ef07ae76d225cb15dc8ec2fe1ac9504dfb3bf06 HTTP/1.1
Host: 3jashd11.monster
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://recetasplus.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 05 Dec 2023 15:04:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 178
Connection: keep-alive
Accept-Ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Location: https://ptbqre.com/great?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0Nzk0NjYsInNyYyI6Mn0=eyJ&si1=347319&clickid=ABs8b2W3TAUAZF4CAE5PFwAMAAAAAACv

mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7427898304420053&sbid=347319&sbid2=

185.162.85.3

0 B

URL
mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7427898304420053&sbid=347319&sbid2=
IP
185.162.85.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.7427898304420053&sbid=347319&sbid2= HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptbqre.com
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 05 Dec 2023 15:05:00 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecrwqu.com/cuclc?aid=10744036409133518746&t=1701788700&s=877656

185.162.85.1

411 B

URL
ecrwqu.com/cuclc?aid=10744036409133518746&t=1701788700&s=877656
IP
185.162.85.1:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (411), with no line terminators
Size
411 B (411 bytes)
Hash
f8b2677fec2e5722050fd90056c81d7e
d9362a1df52657d295dbcba14750f7666286f619
60bc487d3c2c785d42d72f83cf2d6ccdd738c5d81466108c3fc8a4ccb9332ce4

HTTP Headers

GET /cuclc?aid=10744036409133518746&t=1701788700&s=877656 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 05 Dec 2023 15:05:00 GMT
content-type: text/html; charset=utf-8
content-length: 411
location: https://track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a479466&campaign_id=877656&country=NO&browser=Firefox&zone_id=a479466&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1138759&sub_period={sub_period}&cost=0.0001&click_id=a2_10744036409133518746_479466_2_0
X-Firefox-Spdy: h2

track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a479466&campaign_id=877656&country=NO&browser=Firefox&zone_id=a479466&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1138759&sub_period={sub_period}&cost=0.0001&click_id=a2_10744036409133518746_479466_2_0

18.158.88.249

0 B

URL
track.wbdpnz.com/34cb433c-770b-4be0-a140-affedeca6aad?source_id=a479466&campaign_id=877656&country=NO&browser=Firefox&zone_id=a479466&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1138759&sub_period={sub_period}&cost=0.0001&click_id=a2_10744036409133518746_479466_2_0
IP
18.158.88.249:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /34cb433c-770b-4be0-a140-affedeca6aad?source_id=a479466&campaign_id=877656&country=NO&browser=Firefox&zone_id=a479466&creative_id={CREATIVE_ID}&format=pops&os=Windows&partner_id=1138759&sub_period={sub_period}&cost=0.0001&click_id=a2_10744036409133518746_479466_2_0 HTTP/1.1
Host: track.wbdpnz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptbqre.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Tue, 05 Dec 2023 15:05:00 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
pragma: no-cache
set-cookie: 34cb433c-770b-4be0-a140-affedeca6aad-v4=xAKg83IkZIFMXOM7LVcnV1LvXapG-pObqikb6reYrM0; Max-Age=86400; Expires=Wed, 06-Dec-2023 15:05:00 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=uYpb54fVng%2BpoLQPFs3UvvNWPgxSzH89CeTzp4xYPkRdv01OPc4ewGgWW4wMsm%2FIjI8Hwvn%2Fjj9G4qq30mBJTTQI5TET8zqkNiWejjEzqthZ%2BgcqTFIgYFuh3jOPYG3%2FYKgOyGx1i2iUpIJ%2BxAyd6Q%3D%3D; Max-Age=31536000; Expires=Wed, 04-Dec-2024 15:05:00 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon1.png

185.162.87.220

7.3 kB

URL
onekoh.com/images/play-2/icon1.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.3 kB (7252 bytes)
Hash
3d0ab5834c8bf7134e4d21fa3288317f
c31d1a6b9df206f67ea194f4c424cdc372a423c2
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon1.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 7252
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-1c54"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon2.png

185.162.87.220

4.6 kB

URL
onekoh.com/images/play-2/icon2.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4576 bytes)
Hash
c947d439eb93367f1af5b2a3d222f057
5b4c10820d39e624bc6df72a113679da80a8e44e
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon2.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 4576
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-11e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon3.png

185.162.87.220

7.8 kB

URL
onekoh.com/images/play-2/icon3.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7847 bytes)
Hash
8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon3.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 7847
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-1ea7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon4.png

185.162.87.220

7.0 kB

URL
onekoh.com/images/play-2/icon4.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7032 bytes)
Hash
7ad7f32c1c0df7b4975cc41bda4ac435
81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon4.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 7032
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-1b78"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon5.png

185.162.87.220

3.3 kB

URL
onekoh.com/images/play-2/icon5.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3264 bytes)
Hash
1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon5.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 3264
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-cc0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon7.png

185.162.87.220

3.3 kB

URL
onekoh.com/images/play-2/icon7.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3283 bytes)
Hash
b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon7.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 3283
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-cd3"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2

onekoh.com/images/play-2/icon8.png

185.162.87.220

4.1 kB

URL
onekoh.com/images/play-2/icon8.png
IP
185.162.87.220:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4064 bytes)
Hash
f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon8.png HTTP/1.1
Host: onekoh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/play-2_1?h=waWQiOjExMjkwNTQsInNpZCI6MTE1MDY5MCwid2lkIjozNzg2MzAsInNyYyI6Mn0=eyJ&click_id=w1gtkphfr5nesvgtim2tm900&si1=a479466
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: image/png
content-length: 4064
last-modified: Thu, 16 Nov 2023 08:25:05 GMT
etag: "6555d1e1-fe0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2

mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1129054&st=1150690&wd=378630&d=onekoh.com&tpl=78&rnd=0.030475224337291107&sbid=a479466&sbid2=

185.162.85.14

0 B

URL
mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1129054&st=1150690&wd=378630&d=onekoh.com&tpl=78&rnd=0.030475224337291107&sbid=a479466&sbid2=
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=18&src=2&p=1129054&st=1150690&wd=378630&d=onekoh.com&tpl=78&rnd=0.030475224337291107&sbid=a479466&sbid2= HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://onekoh.com
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecrwqu.com/cuclc?aid=10139685761817593076&t=1701788701&s=1109829

185.162.85.1

381 B

URL
ecrwqu.com/cuclc?aid=10139685761817593076&t=1701788701&s=1109829
IP
185.162.85.1:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381), with no line terminators
Size
381 B (381 bytes)
Hash
090f0ac2908ae2314da59b99de518e86
ebc9f7b11e7c17c060ef01db4d4ea74952d7366b
875582a2feb87a131355c5ad5fa8285db6877e2f8db7b0f53f6e07d08d5e5a77

HTTP Headers

GET /cuclc?aid=10139685761817593076&t=1701788701&s=1109829 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onekoh.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 05 Dec 2023 15:05:01 GMT
content-type: text/html; charset=utf-8
content-length: 381
location: https://video-clickr.com/crkpl6k.php?key=xeghw8ocilg3kkyf281c&click_id=a2_10139685761817593076_378630_2_0&cpa_cost=0.0000&SOURCE_ID=a378630&CAMPAIGN_ID=1109829&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a378630
X-Firefox-Spdy: h2

video-clickr.com/crkpl6k.php?key=xeghw8ocilg3kkyf281c&click_id=a2_10139685761817593076_378630_2_0&cpa_cost=0.0000&SOURCE_ID=a378630&CAMPAIGN_ID=1109829&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a378630

144.76.181.26

0 B

URL
video-clickr.com/crkpl6k.php?key=xeghw8ocilg3kkyf281c&click_id=a2_10139685761817593076_378630_2_0&cpa_cost=0.0000&SOURCE_ID=a378630&CAMPAIGN_ID=1109829&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a378630
IP
144.76.181.26:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /crkpl6k.php?key=xeghw8ocilg3kkyf281c&click_id=a2_10139685761817593076_378630_2_0&cpa_cost=0.0000&SOURCE_ID=a378630&CAMPAIGN_ID=1109829&COUNTRY=NO&BROWSER=Firefox&CREATIVE_ID={CREATIVE_ID}&FORMAT=pops&OS=Windows&LANG=en&ZONE_ID=a378630 HTTP/1.1
Host: video-clickr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onekoh.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Tue, 05 Dec 2023 15:05:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=gxsc8puo1m; expires=Wed, 06-Dec-2023 15:05:01 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=gxsc8puo1m-gxsc8puo1m-ej-16wj-4kvr-g6wj-g6vr-b1c6e2; expires=Wed, 06-Dec-2023 15:05:01 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=gxsc8puo1m; expires=Wed, 06-Dec-2023 15:05:01 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=gxsc8puo1m-gxsc8puop2-sc-0-bzwj-6jbl-vcbl-0a71a7; expires=Wed, 06-Dec-2023 15:05:01 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://video-clickr.com/nlp/index.php?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18&url_bnm_redirect=https://oodrampi.com/4/5886009
Strict-Transport-Security: max-age=31536000

video-clickr.com/nlp/index.php?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18&url_bnm_redirect=https://oodrampi.com/4/5886009

144.76.181.26

145 B

URL
video-clickr.com/nlp/index.php?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18&url_bnm_redirect=https://oodrampi.com/4/5886009
IP
144.76.181.26:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with no line terminators
Size
145 B (145 bytes)
Hash
2bb8dfd766a4c4ea7bb3eec7bcf4d932
4dce26ae32ad79fb49eb13fd318d4b6c761a18d2
130ee6d668d57d1cc82ed0e8f1b9d42fb4dbf388a541512abcb5cfe918be6af0

HTTP Headers

GET /nlp/index.php?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18&url_bnm_redirect=https://oodrampi.com/4/5886009 HTTP/1.1
Host: video-clickr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onekoh.com/
DNT: 1
Connection: keep-alive
Cookie: uclick=gxsc8puo1m; uclickhash=gxsc8puo1m-gxsc8puop2-sc-0-bzwj-6jbl-vcbl-0a71a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 05 Dec 2023 15:05:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

oodrampi.com/sftouch?userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf

139.45.197.239

2 B

URL
oodrampi.com/sftouch?userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf HTTP/1.1
Host: oodrampi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oodrampi.com
DNT: 1
Connection: keep-alive
Referer: https://oodrampi.com/4/5886009?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18
Cookie: OAID=db61d4034a64418795e6b07a879eaf2b; oaidts=1701788702
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
content-type: text/plain
content-length: 2
x-trace-id: bddf07b2dae34557a40bc5b298ce474b
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://oodrampi.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=db61d4034a64418795e6b07a879eaf2b&z=5886009&p_rid=2e93111b-aa22-4c41-a8c3-27c331744088&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oodrampi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=db61d4034a64418795e6b07a879eaf2b; expires=Wed, 04 Dec 2024 15:05:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

oodrampi.com/favicon.ico

139.45.197.239

0 B

URL
oodrampi.com/favicon.ico
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: oodrampi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oodrampi.com/4/5886009?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18
Cookie: OAID=db61d4034a64418795e6b07a879eaf2b; oaidts=1701788702
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

oodrampi.com/?z=5886009&syncedCookie=true&rhd=false

139.45.197.239

302 Found

0 B

URL User Request POST HTTP/2
oodrampi.com/?z=5886009&syncedCookie=true&rhd=false
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectoodrampi.com
Fingerprint89:B4:C8:27:2B:D3:75:5C:60:C4:F1:A6:A9:DD:3C:BC:CF:D9:58:6F
ValidityTue, 14 Nov 2023 05:14:57 GMT - Mon, 12 Feb 2024 05:14:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=5886009&syncedCookie=true&rhd=false HTTP/1.1
Host: oodrampi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 589
Origin: https://oodrampi.com
DNT: 1
Connection: keep-alive
Referer: https://oodrampi.com/afu.php?zoneid=5886009&var=5886009&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false
Cookie: OAID=db61d4034a64418795e6b07a879eaf2b; oaidts=1701788702
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
content-length: 0
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=755919209808269905&subid1=5886009&cost=0.000455
x-trace-id: 72a2f4867f9711a59e6807768140acb7
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://oodrampi.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=db61d4034a64418795e6b07a879eaf2b; expires=Wed, 04 Dec 2024 15:05:02 GMT; path=/; secure; SameSite=None
oaidts=1701788702; expires=Wed, 04 Dec 2024 15:05:02 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 12 Dec 2023 15:05:02 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=755919209808269905&subid1=5886009&cost=0.000455

157.90.33.74

302 Found

0 B

URL User Request GET HTTP/2
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=755919209808269905&subid1=5886009&cost=0.000455
IP
157.90.33.74:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecteu.can-get-so.me
FingerprintBE:D5:EB:67:3B:6D:BE:D4:2D:2E:C1:6F:32:81:EE:82:61:AC:26:E3
ValiditySat, 28 Oct 2023 03:31:25 GMT - Fri, 26 Jan 2024 03:31:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=755919209808269905&subid1=5886009&cost=0.000455 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
content-length: 0
x-trace: 0b2160eee5871170fda21fcdd6cbc758
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://34.102.137.201/2/PU_NO_SB_DT_KINDRED_2?source=870132&geo=NO&device=desktop&os=windows&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
set-cookie: rauid=1s9SS4WDRjagvddBKWW3Sw; expires=Wed, 04 Dec 2024 15:05:02 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

34.102.137.201/2/PU_NO_SB_DT_KINDRED_2?source=870132&geo=NO&device=desktop&os=windows&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0

34.102.137.201

302 Found

0 B

URL User Request GET HTTP/1.1
34.102.137.201/2/PU_NO_SB_DT_KINDRED_2?source=870132&geo=NO&device=desktop&os=windows&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
IP
34.102.137.201:80
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/PU_NO_SB_DT_KINDRED_2?source=870132&geo=NO&device=desktop&os=windows&useragent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0 HTTP/1.1
Host: 34.102.137.201
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 05 Dec 2023 15:05:02 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Via: 1.1 google

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2

13.107.213.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; domain=.unibet.com; expires=Thu, 05-Dec-3022 15:05:03 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0HzxvZQAAAAAsJBZbSf50Rrd2qBRWvWAvU1ZHMjBFREdFMDYxNgAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Tue, 05 Dec 2023 15:05:02 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 15:05:03 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950
set-cookie: JSESSIONID=node0ujddxl42vcnn17tanx5mamfol152638.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0ujddxl42vcnn17tanx5mamfol; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 15:05:03 GMT; Max-Age=63072000; Secure
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 15:05:03 GMT; Max-Age=63072000; Secure
uniattr_ref=; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 15:05:03 GMT; Max-Age=63072000; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affiliateId=1; Path=/; Domain=.unibet.com; Secure
B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; Path=/; Domain=.unibet.com; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BID=37950; Path=/; Domain=.unibet.com; Secure
PID=86299988; Path=/; Domain=.unibet.com; Secure
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REFERER=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; Path=/; Domain=.unibet.com; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Tue, 05 Dec 2023 15:05:03 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_F977A628BCFE411C964A83F423AAB20F&sref=GIG&GIG=NO_DESK_SB_2&affiliateId=1&pid=86299988&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A86299988-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 15:05:03 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Tue, 05 Dec 2023 15:05:03 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 05 Dec 2023 15:05:04 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f67f98ab524-OSL
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 12:53:33 GMT
expires: Wed, 04 Dec 2024 12:53:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 7891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.141.13

200 OK

110 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54456), with no line terminators
Size
110 kB (110301 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2343725
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QiLniOstE9VaIjwNVEnNS3Xxl%2BD6DMfSUbcIeiY3OO%2FhXqTNAhpNFe0FxCCXjX%2FnmCIbW5IPS0avqPUtYtX2mDrkcN4LoFHMkApJDKMaGLa5mi2g48KcXIYpDjD82a1YxvpxPr%2Bu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d2f687cca414c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 05 Dec 2023 15:05:04 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f694b4bb524-OSL
X-Firefox-Spdy: h2

oodrampi.com/4/5886009?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18

139.45.197.239

95 kB

URL
oodrampi.com/4/5886009?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max speed, from Unix\012- data
Size
95 kB (95358 bytes)
Hash
42e385181cd2d7dbe3bc8ca64b5c0b8f
742f43cbd8d7443a6ea5c1fc6428f5e6f4138407
8f5e927a3233139437dfc59d9a52ab1282434f54fe36b19d25dd6be2b085febc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/5886009?var=2338827e0d90f291e9da38473294274bf4&ymid=62a3agxsc8puop2b18 HTTP/1.1
Host: oodrampi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:05:02 GMT
content-type: text/html; charset=utf8
x-trace-id: d69837116108fadf4f8be535d1fe6905
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=db61d4034a64418795e6b07a879eaf2b; expires=Wed, 04 Dec 2024 15:05:02 GMT; path=/; secure; SameSite=None
oaidts=1701788702; expires=Wed, 04 Dec 2024 15:05:02 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding, favicon
content-encoding: gzip
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

200 OK

11 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 830d2f697b91b524-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 478197
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

172.217.21.170

200 OK

16 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
16 kB (16422 bytes)
Hash
0e91331d84473525845dc7cd12371eb4
0caf048f61bbea7f5f8b0d04096f00f9260c73a2
f22a950391bb5ba2d67ee36e3099aedceae49895ec0d4680d62eee632e3d23e8

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 15:05:04 GMT
date: Tue, 05 Dec 2023 15:05:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg

172.64.144.152

200 OK

16 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Size
16 kB (16532 bytes)
Hash
f64e07dc4e791d707923de158a7ad439
17b1069ca64b16e2c16e56bc638fd3df5c9634aa
323e94b4a6a0b33de9b79d4dac91274635e005ba31335ac6f961af518f976ffe

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f97ab524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 476815
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

200 OK

26 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
26 kB (25610 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f977b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 384751
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.141.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 547005
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fA1q%2FS3m2IYOufrGNAJuWAThP%2FOq%2Fqk20KYnobW%2FacnCsW31lMkMPMVeF%2F7MfBHGpxKZsz5CkpoTEPV6REYANuOidGvMNmS%2F1HbI3jAlqRHRNyB%2FvuwxfEDVETiww8%2BR44%2F7Qdy1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d2f699e47414c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 468450
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

172.64.144.152

200 OK

5.4 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, ASCII text, with very long lines (5609), with no line terminators
Size
5.4 kB (5424 bytes)
Hash
41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d2f67e964b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 382092
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg

172.64.144.152

200 OK

966 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Size
966 B (966 bytes)
Hash
60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f986b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 480437
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988

172.64.144.152

200 OK

17 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:03 GMT
content-type: text/html; charset=utf-8
cf-ray: 830d2f662f1db524-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: d013508a-b01e-0059-068c-279581000000
x-ms-version: 2014-02-14
set-cookie: btag=320669908_F977A628BCFE411C964A83F423AAB20F;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg

172.64.144.152

200 OK

807 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Size
807 B (807 bytes)
Hash
f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda

HTTP Headers

GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67e974b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 550431
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

172.64.144.152

200 OK

32 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
32 kB (31807 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f98cb524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 550507
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; clientId=polopoly_desktop; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: text/html;charset=utf-8
x-request-id: 48181519093bec156fc55593ad9d4032
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 15:05:28 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 494891
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

172.64.144.152

200 OK

22 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
22 kB (22452 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:03 GMT
content-type: text/css; charset=utf-8
cf-ray: 830d2f67d961b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 465423
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.8 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (1881), with no line terminators
Size
1.8 kB (1797 bytes)
Hash
695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no

104.40.147.180

200 OK

4.7 kB

URL GET HTTP/2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
104.40.147.180:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0

HTTP Headers

GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 05 Dec 2023 15:05:04 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

104.16.64.126

200 OK

25 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
104.16.64.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 548
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f6c2c2456b5-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

172.64.144.152

200 OK

3.2 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Size
3.2 kB (3207 bytes)
Hash
910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67e972b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 556856
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

104.16.64.126

200 OK

4.9 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
104.16.64.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 473
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f6c1c1e56b5-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

172.64.144.152

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Size
1.5 kB (1481 bytes)
Hash
49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f988b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 371802
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.104

200 OK

192 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.104:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
192 kB (192188 bytes)
Hash
5d129a88c2dfc285991ecb31295edb81
f165eac1c9669f3adc6d3ba369e0780a7b1177dd
3f1ed32027ee04cea89f93c58600f733d28998d6263de49d150c37309a4e440c

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 15:05:04 GMT
expires: Tue, 05 Dec 2023 15:05:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:43:41 GMT
expires: Wed, 04 Dec 2024 04:43:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 37283
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/widget/betslip/betslip.js

172.64.144.152

200 OK

15 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
15 kB (14810 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d2f68eae3b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 370884
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

172.64.144.152

200 OK

5.7 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Size
5.7 kB (5740 bytes)
Hash
e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f979b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 468276
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

172.64.144.152

200 OK

98 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 830d2f694b4eb524-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 379549
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; clientId=polopoly_desktop; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: text/html;charset=utf-8
x-request-id: 48181519093bec156fc55593ad9d4032
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 15:05:28 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

172.64.144.152

200 OK

4.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Size
4.5 kB (4514 bytes)
Hash
cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:03 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d2f67d962b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 287545
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg

172.64.144.152

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Size
13 kB (12666 bytes)
Hash
7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cf-ray: 830d2f67f978b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 472579
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg

104.16.64.126

200 OK

1.1 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
104.16.64.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1053 bytes)
Hash
8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872

HTTP Headers

GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 76
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d2f6c2c2956b5-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico

172.64.144.152

200 OK

421 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
421 B (421 bytes)
Hash
ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed

HTTP Headers

GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: image/x-icon
cf-ray: 830d2f6a3c90b524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 550360
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.28

200 OK

74 kB

URL GET HTTP/2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; clientId=polopoly_desktop; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 14:00:57 GMT
vary: Accept-Encoding
etag: W/"656ddb99-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

welcome.unibet.com/custom.js

172.64.144.152

200 OK

5.9 kB

URL GET HTTP/2
welcome.unibet.com/custom.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (6078), with no line terminators
Size
5.9 kB (5881 bytes)
Hash
f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:86299988-37950&btag=320669908_F977A628BCFE411C964A83F423AAB20F&bid=37950&campaignId=2799402&pid=86299988
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86299988%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701788703267)%5c%2f%22%2c%22CookieTag%22%3a%223795086299988451240919C2023125155%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670323717%7c1%22%7d%5d; __ucbt=node0ujddxl42vcnn17tanx5mamfol; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_F977A628BCFE411C964A83F423AAB20F; BID=37950; PID=86299988; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_F977A628BCFE411C964A83F423AAB20F%26sref%3DGIG%26GIG%3DNO_DESK_SB_2%26affiliateId%3D1%26pid%3D86299988%26bid%3D37950; btag=320669908_F977A628BCFE411C964A83F423AAB20F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:05:04 GMT
content-type: application/javascript
cf-ray: 830d2f67e96cb524-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 478292
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN