Report - www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7',

Report Overview

Visited public
2023-12-02 20:12:10
Tags
Submit Tags
URL
www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7',
Finishing URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
IP / ASN
142.250.74.147
#15169 GOOGLE
Title
Unibet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-12-01 12:24:33	342 B	852 B	172.67.219.12
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-02 11:47:07	30 kB	335 kB	172.64.144.152
apis.google.com	105	1997-09-15	2013-05-06 22:20:21	2023-12-02 05:09:23	2.0 kB	155 kB	142.250.74.78
jeanspurrcleopatra.com	unknown	unknown	No data	No data	2.5 kB	4.3 kB	192.243.59.12
divedresign.com	unknown	2023-11-28	2023-11-28 10:19:52	2023-12-02 11:35:45	411 B	467 B	192.243.61.225
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-02 05:19:04	1.5 kB	1.0 kB	18.157.203.0
resources.blogblog.com	13274	2000-09-15	2017-01-30 05:47:40	2023-12-02 05:34:41	941 B	2.3 kB	142.250.74.41
vvfal.veinmaster.top	unknown	2023-11-23	2023-11-26 13:21:34	2023-11-30 01:15:05	2.7 kB	35 kB	104.21.3.144
a.veinmaster.top	unknown	2023-11-23	2023-11-24 09:28:59	2023-12-02 05:39:59	1.9 kB	17 kB	104.21.3.144
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-01 13:52:19	1.4 kB	1.7 kB	85.184.96.5
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-02 07:17:09	453 B	17 kB	142.250.74.138
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-02 16:29:19	1.4 kB	2.5 kB	85.184.96.5
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-12-02 19:44:00	656 B	57 kB	104.21.234.32
cdn.bannerflow.com	23819	2008-06-03	2018-02-22 13:57:21	2023-12-01 19:43:42	1.5 kB	33 kB	104.16.48.126
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-12-02 11:37:48	2.5 kB	4.4 kB	173.233.137.60
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-02 07:32:34	869 B	273 kB	216.58.207.200
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-02 07:24:06	2.7 kB	83 kB	216.58.207.227
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-02 06:23:17	1.8 kB	42 kB	142.250.74.131
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-01 22:19:58	7.0 kB	82 kB	85.184.96.28
www.toprevenuegate.com	unknown	2023-10-20	2023-10-23 18:22:31	2023-12-01 05:31:13	1.8 kB	18 kB	173.233.137.36
www.oppaku.com	unknown	unknown	No data	No data	2.1 kB	76 kB	142.250.74.147
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-02 05:17:42	1.0 kB	130 kB	172.64.141.13
archaicin.com	unknown	2023-11-28	2023-11-28 15:15:37	2023-12-01 17:33:09	446 B	467 B	173.233.137.60
dropdoneraining.com	unknown	2023-07-21	2023-07-21 04:04:35	2023-10-01 10:40:04	1.1 kB	52 kB	192.243.61.227
bannerflow-feed-builder.azurewebsites.net	659103	2012-01-24	2017-11-23 14:27:15	2023-12-01 22:20:00	606 B	5.5 kB	104.40.147.180
www.blogger.com	8975	1999-06-22	2012-05-22 09:35:03	2023-12-02 05:34:40	1.4 kB	64 kB	142.250.74.41
vvfal.rigelbetelgeuse.top	unknown	2023-05-11	2023-05-11 14:25:20	2023-11-28 09:13:44	608 B	1.1 kB	104.21.22.161
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-02 14:42:08	589 B	1.4 kB	13.107.246.53
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-02 08:02:56	445 B	31 kB	142.250.74.138
violationphysics.click	unknown	2023-02-10	2023-02-11 18:32:06	2023-12-01 09:03:21	926 B	601 B	192.64.81.118

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-02 20:12:00	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-02	medium	dropdoneraining.com	Sinkholed
2023-12-02	medium	dropdoneraining.com	Sinkholed
2023-12-02	medium	dropdoneraining.com	Sinkholed
2023-12-02	medium	divedresign.com	Sinkholed
2023-12-02	medium	archaicin.com	Sinkholed
2023-12-02	medium	conqueredallrightswell.com	Sinkholed
2023-12-02	medium	conqueredallrightswell.com	Sinkholed
2023-12-02	medium	toprevenuegate.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	welcome.unibet.com/custom.js	ScriptElement	5.9 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/custom.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5794 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	307 B	2023-03-07	2025-06-20
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-06-20 22:12 Times Seen5791 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	295 B	2023-09-13	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-13 20:26 Last Seen2024-08-21 06:57 Times Seen5369 Hash c19afddc1697308e0ef68fc2225c7f22 c77de15393ad1ee1d0d49afd6cc7c1cdefa9a5b4 7d80f28d2d8c0b322d667bc27797d7e01c2e90fa2a7d1025db04252d5b83f202 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-02	2023-12-03
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 09:24 Last Seen2023-12-03 09:02 Times Seen17 Hash 422ecd3802e05c506d969d789fc58db2 d1ee77bd95bf2079e68393c86d5825466a75a509 99ee9f2740080ba68338e1b3bfc43c30f0cac67e8fedddc90a98689163930f0e Loading...

	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-07-07
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.28 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-07-07 06:04 Times Seen6339 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	ScriptElement	5.4 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5792 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	welcome.unibet.com/widget/betslip/betslip.js	ScriptElement	15 kB	2023-03-07	2025-06-20
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-06-20 22:12 Times Seen5797 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	218 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 06:57 Times Seen5369 Hash 91824c153a2424389807187ea41b9137 0ac7bf21044c90de1568152896efb9466c90b412 74abc0c84e63335fab7da57b01856b457f332b55d1ae539baadb180b13be726c Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js	ScriptElement	4.5 kB	2023-03-07	2025-07-12
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-07-12 13:04 Times Seen5801 Hash 04fc48de78cbfc5d1557e9df399c7733 e1bf77a4fef1943b0eab404c4abbe9477cb373e0 4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6 Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-07-14
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-14 19:09 Times Seen65666 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-07-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-07-12 13:04 Times Seen5815 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-07-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-07-12 13:04 Times Seen5267 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	ScriptElement	1.8 kB	2023-03-07	2025-02-02
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen4745 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	92 B	2023-03-07	2025-07-12
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-07-12 13:04 Times Seen5797 Hash 7f0f3c1a6218ba26e0a2303513a4b789 a8d06c9a0d0b367220509b18213f6b102f4b4fc0 faffe243fd7f581af68fd7dafdf86ff1e5c0824831f03d5758cb309da65fddda Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	364 B	2023-03-07	2025-06-20
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-06-20 22:12 Times Seen5772 Hash b7207d294237fb810195b41fdd3cac28 ff7ef257957cbc2074fa5814177bb7cbbac44eb2 12f39122cef3c11903118c0f4769199ddc1e0e5ba13d7dbe8373e5c77391baf5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#2 Eval - 336666ba925d9084ea5e6470cf0f9b50	471 B	2024-08-20 17:01	2024-08-20 17:01
Pretty Observations First Seen2024-08-20 17:01 Last Seen2024-08-20 17:01 Times Seen1 Hash 336666ba925d9084ea5e6470cf0f9b50 06e7a873e7322b3679f73ff4439fe3547ff0c639 5563f52d87d4b3a09982644823223bf796ccc2b94fdef032287803bc1ba75904 Loading...

		Size	First Seen	Last Seen
	#1 Write - ac152c9e7eeb55470585c49e2660531b	111 B	2024-08-20 17:01	2024-08-20 17:01
Pretty Observations First Seen2024-08-20 17:01 Last Seen2024-08-20 17:01 Times Seen1 Hash ac152c9e7eeb55470585c49e2660531b 8c77754d5531b86f4ac2f349b1f45c487e4384d7 6b1ac60c87b1d74efebb911809b2988d2510b966041a5689fb22a6eba09d0264 Loading...

	#2 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2025-06-20 22:12
Pretty Observations First Seen2023-03-07 01:11 Last Seen2025-06-20 22:12 Times Seen5805 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (83)

URL IP Response Size

www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27,

142.250.74.147

36 kB

URL
www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27,
IP
142.250.74.147:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5408)
Size
36 kB (35788 bytes)
Hash
d0ab166be06d4e19ff81718d84d4605a
9ba5c67eab6d96c6251acbb898a64ee18247fe80
99f2d626c43f54158b89cd341ef082eeeecd9959e4d7cc3f712c44fe71d5c55f

HTTP Headers

GET /http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27, HTTP/1.1
Host: www.oppaku.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 35788
server: GSE
X-Firefox-Spdy: h2

www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27,

142.250.74.147

36 kB

URL
www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27,
IP
142.250.74.147:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5408)
Size
36 kB (35790 bytes)
Hash
47f141f0e357bcfd3423485ba9faf4c0
10fccb0bf25cb66650a9b91cb4ccdcc3f5eb02ce
ea86827ed4f4d9fa6a8328e60efe041f82af333228aa5c045c940621973f4d03

HTTP Headers

GET /http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27, HTTP/1.1
Host: www.oppaku.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Dec 2023 20:11:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 35790
Server: GSE

www.oppaku.com/js/cookienotice.js

142.250.74.147

2.0 kB

URL
www.oppaku.com/js/cookienotice.js
IP
142.250.74.147:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
2.0 kB (2026 bytes)
Hash
a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: www.oppaku.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/http:/www.oppaku.com/search?updated-max\x3d2023-11-01T00:58:00-07:00\x26max-results\x3d7%27,
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Sat, 02 Dec 2023 20:11:51 GMT
Expires: Sat, 09 Dec 2023 20:11:51 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 02 Dec 2023 17:50:37 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0

www.blogger.com/static/v1/widgets/325989852-widgets.js

142.250.74.41

59 kB

URL
www.blogger.com/static/v1/widgets/325989852-widgets.js
IP
142.250.74.41:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2258)
Size
59 kB (59316 bytes)
Hash
2aaaea7286ee481cbc12cfd76e10c0cf
6e8576cb84ac125faa0bc0a5fe5508166cc4eed8
4bfa00cdbc7a40f5dad3dfc3a21dada224e61e358e78d7b262bab098bccbc580

HTTP Headers

GET /static/v1/widgets/325989852-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 14:08:07 GMT
expires: Fri, 29 Nov 2024 14:08:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 05:57:17 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 194624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

apis.google.com/js/platform.js

142.250.74.78

22 kB

URL
apis.google.com/js/platform.js
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2664)
Size
22 kB (21930 bytes)
Hash
fd67324a3d81895bdf76b073089663b1
5abb1b0a36c645085e31830e6647faa790ad4e91
8eaa06f95fa0ac44c2c186f200874f2f3ebc3aaa92412f0d0c096f517d3581d1

HTTP Headers

GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 21930
date: Sat, 02 Dec 2023 20:11:51 GMT
expires: Sat, 02 Dec 2023 20:11:51 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "bccfddc1dce4fb76"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
set-cookie: NID=511=RaQCvHT3jGNgesNOaJ4OQfygzswsfmS5ha7tSDf87hLUJSt_JFDtVX9hMXncZHJDdHprkCqDpz_z-Rgn2aOsSb38-sVenvIwcKtkdNkp5LcZPlLs9ybAhRv9BOVIwm8xMqr1ZE2-7SEWuoV0biZx4zZdhRJd4lRwW6M4WSBhJoc; expires=Sun, 02-Jun-2024 20:11:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-1NYNTRDMVL

216.58.207.200

79 kB

URL
www.googletagmanager.com/gtag/js?id=G-1NYNTRDMVL
IP
216.58.207.200:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (5955)
Size
79 kB (79174 bytes)
Hash
1b9ac1be494594a03d512b8182cb9610
e1290cf21119c99d5018856d2f83268185d89046
e535978b48bd3067588e25f97f4def379e9c2ffebb6e4be790dd379a91b0205d

HTTP Headers

GET /gtag/js?id=G-1NYNTRDMVL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 20:11:51 GMT
expires: Sat, 02 Dec 2023 20:11:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79174
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dropdoneraining.com/17/b8/60/17b860da2c860ea1be1b188bb3277478.js

192.243.61.227

23 kB

URL
dropdoneraining.com/17/b8/60/17b860da2c860ea1be1b188bb3277478.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (59693), with no line terminators
Size
23 kB (23337 bytes)
Hash
23493a1e83057c91db079d9047a356a4
f1c74c7be244e84dd193751600b25f5f77812d6d
3352f13f1c24e460bd91792fae9b84ec3bce0731718667c777505521f9ad9ac3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /17/b8/60/17b860da2c860ea1be1b188bb3277478.js HTTP/1.1
Host: dropdoneraining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9522d6e23848ff9cccf7a6dfa3b7c513
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dropdoneraining.com/5c/e1/a2/5ce1a2a3cd7dc71fb8acd01d99a835aa.js

192.243.61.227

15 kB

URL
dropdoneraining.com/5c/e1/a2/5ce1a2a3cd7dc71fb8acd01d99a835aa.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (42785), with no line terminators
Size
15 kB (15446 bytes)
Hash
1b744fcb53c281a9d7176ac8d2c9516e
0efa594fafd4fbb0a401553b0a6c96599767552f
cf5985e6c948b70f8449a7599d2ddc3854e54d0061881e35efd38bd151bbfe31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5c/e1/a2/5ce1a2a3cd7dc71fb8acd01d99a835aa.js HTTP/1.1
Host: dropdoneraining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 05c74d17f3bedf7343d758dd73e0793b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15816, version 1.0\012- data
Size
16 kB (15816 bytes)
Hash
2735a3a69b509faf3577afd25bdf552e
8621aff863b67040010ccc183da5b9079ce6fd1d
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

HTTP Headers

GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:26:32 GMT
expires: Thu, 28 Nov 2024 14:26:32 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
content-type: font/woff2
age: 279920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:21:58 GMT
expires: Fri, 29 Nov 2024 23:21:58 GMT
cache-control: public, max-age=31536000
age: 161394
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dropdoneraining.com/7605195a83806e997e087ef912696f5f/invoke.js

192.243.61.227

11 kB

URL
dropdoneraining.com/7605195a83806e997e087ef912696f5f/invoke.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Size
11 kB (10910 bytes)
Hash
d5d4f149aa8899564b6011bd8d9e5cf2
5d850194afd402036031dbc7d6952d00efd7e6ad
d6101c154189a663235ce2868949fdda06d3448e13d2dcdcc3fee66886cbdd8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7605195a83806e997e087ef912696f5f/invoke.js HTTP/1.1
Host: dropdoneraining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ac0ca1de4c6a0917813359555c88396
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

friendshipmale.com/sfp.js

104.21.234.32

28 kB

URL
friendshipmale.com/sfp.js
IP
104.21.234.32:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27568 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 20:11:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 42a5f353196c47ef5f79313727d24a4e
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: STALE
Age: 0
Last-Modified: Sat, 02 Dec 2023 20:11:52 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2FoY%2F5hTou0KWXPsEokuo4aBi%2FnEhdA2caQBFos2BROwEDhYq2UEJ3CYffV7jur2iDOD%2BXkDKJqGv7qMUSItekB%2BiaAuiDHEWczW%2FS5sdQwi3eWeOTegW8WEVkLbVRgnmNA5uSg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f638b3aa34b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d38843a50459ff90b75f6c3dc6fef33f
4044cdbfccd32a9b782af5a1399a31f7c04908d3
3afc3b5c5a8b3d18ee634cf8c5c18bd80d288d11cc560ed8c2bd7df3fbd1322d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.oppaku.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=cdb70777-ec62-466c-87e7-c3bf2db6e62b:2:1; expires=Tue, 29 Nov 2033 20:11:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d38843a50459ff90b75f6c3dc6fef33f
4044cdbfccd32a9b782af5a1399a31f7c04908d3
3afc3b5c5a8b3d18ee634cf8c5c18bd80d288d11cc560ed8c2bd7df3fbd1322d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Cookie: uid_id2=cdb70777-ec62-466c-87e7-c3bf2db6e62b:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.oppaku.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d38843a50459ff90b75f6c3dc6fef33f
4044cdbfccd32a9b782af5a1399a31f7c04908d3
3afc3b5c5a8b3d18ee634cf8c5c18bd80d288d11cc560ed8c2bd7df3fbd1322d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Cookie: uid_id2=cdb70777-ec62-466c-87e7-c3bf2db6e62b:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.oppaku.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

104.21.234.32

28 kB

URL
friendshipmale.com/sfp.js
IP
104.21.234.32:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27568 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 20:11:52 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 42a5f353196c47ef5f79313727d24a4e
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: STALE
Age: 0
Last-Modified: Sat, 02 Dec 2023 20:11:52 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qM4o46E2HIG82jqIrPCGIVQwDkylc9wozCfs7k1s%2BtuCGdj2erWhOHXwCAFrwu6T8U%2Fk1MOxJec4O1ilzJhgrZsy4tTA7alROCdew5tVQ2ijqN8X79oLJCoEyp9nCN4oD7K84nM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f638b4fc0ab512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

divedresign.com/pixel/purst?dl=0&th=0&sc=0&rs=2159&rd=2159&fd=955&bv=23.11.v.9&tmpl=70

192.243.61.225

0 B

URL
divedresign.com/pixel/purst?dl=0&th=0&sc=0&rs=2159&rd=2159&fd=955&bv=23.11.v.9&tmpl=70
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2159&rd=2159&fd=955&bv=23.11.v.9&tmpl=70 HTTP/1.1
Host: divedresign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:52 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

banquetunarmedgrater.com/advertisers.js

172.67.219.12

0 B

URL
banquetunarmedgrater.com/advertisers.js
IP
172.67.219.12:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 02 Dec 2023 20:11:52 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=172800
X-Request-ID: c34bc1f40600012b0487d09bae9f7497
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: STALE
Age: 0
Last-Modified: Sat, 02 Dec 2023 20:11:52 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rs%2FGUXyK%2FeKl7a6VMd0pRhrPJccBwx92Y0X9io%2FnYBdFCZz%2F9eAbs5251bBYhXAfR%2BZFZMqXNYhpgmFirVdQbmVfeBJCnhMAiqbA1wI7S3faHwViZNDn15mNpMcQcs0mKYW8CVKU4FXBaA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82f638b65e0f56a2-OSL
alt-svc: h2=":443"; ma=60

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs

142.250.74.78

61 kB

URL
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1505)
Size
61 kB (60962 bytes)
Hash
71aaa92f748ba3c48d6edfb40204d614
ad1ca8c338494256d564ee7857707f758e03948b
215f3b01f5decd286eb88ac2dc56b997e6cd2ce8f47998dfa9e2917f8b890982

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 60962
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:45:42 GMT
expires: Fri, 29 Nov 2024 02:45:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Nov 2023 22:37:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 235570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.oppaku.com/favicon.ico

142.250.74.147

412 B

URL
www.oppaku.com/favicon.ico
IP
142.250.74.147:0
ASN
#15169 GOOGLE

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.oppaku.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/http:/www.oppaku.com/search
Cookie: _ga_1NYNTRDMVL=GS1.1.1701547916.1.0.1701547916.0.0.0; _ga=GA1.1.806990164.1701547917; dom3ic8zudi28v8lr6fgphwffqoz0j6c=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1; pp_main_17b860da2c860ea1be1b188bb3277478=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
Expires: Sat, 02 Dec 2023 20:11:53 GMT
Date: Sat, 02 Dec 2023 20:11:53 GMT
Cache-Control: private, max-age=86400
Last-Modified: Mon, 27 Nov 2023 08:12:08 GMT
ETag: W/"793cd5a12e23a681659dcb45457967f5c0f6cabc5202bf8a7d8932bcfa3dd85e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE

www.blogger.com/navbar.g?targetBlogID=6530119234642660984&blogName=HOT+CELEB+SEXY+PICS&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://www.oppaku.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.oppaku.com/&vt=3634275770679437749&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.coKrc9A11Ng.O%2Fd%3D1%2Frs%3DAHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw%2Fm%3D__features__

142.250.74.41

2.6 kB

URL
www.blogger.com/navbar.g?targetBlogID=6530119234642660984&blogName=HOT+CELEB+SEXY+PICS&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://www.oppaku.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.oppaku.com/&vt=3634275770679437749&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.coKrc9A11Ng.O%2Fd%3D1%2Frs%3DAHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw%2Fm%3D__features__
IP
142.250.74.41:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3170)
Size
2.6 kB (2570 bytes)
Hash
464ea49a2aea46974acc4788effef289
713dddf876b1e9c0b14e446c4d896360213c30d1
88bcdc720ae060ebd8be4904274d13545899d9080e22eee9b1f3e7ace388bd6f

HTTP Headers

GET /navbar.g?targetBlogID=6530119234642660984&blogName=HOT+CELEB+SEXY+PICS&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://www.oppaku.com/search&blogLocale=en_GB&v=2&homepageUrl=http://www.oppaku.com/&vt=3634275770679437749&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.coKrc9A11Ng.O%2Fd%3D1%2Frs%3DAHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw%2Fm%3D__features__ HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 20:11:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2570
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

192.243.59.12

0 B

URL
jeanspurrcleopatra.com/watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1 HTTP/1.1
Host: jeanspurrcleopatra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.oppaku.com
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 20:11:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.oppaku.com
Access-Control-Allow-Origin: http://www.oppaku.com
Access-Control-Allow-Credentials: true
Location: https://jeanspurrcleopatra.com/watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1&shu=ced4482df9864a36eabc07adcb827fb0abdcdcb196743161a3f930baa4f0a0d646aed823540002664ee96947357db5459ae221e359ad8fa486c1bf8197cdfd06e48b8c79abe1a209fdc68134ecb8d1b1f8762b52c52c3b0183ec5b7be60bfb&pst=1701547973&rmtc=t
Set-Cookie: u_pl=20557149; expires=Sun, 03 Dec 2023 20:11:53 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDU1NzE0OSwiayI6Ijc2MDUxOTVhODM4MDZlOTk3ZTA4N2VmOTEyNjk2ZjVmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTY0Nzg5LCJwaWQiOjExNTY5NjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjcsInB0Ijo0LCJwayI6InBuMng3OGRweCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3d3Lm9wcGFrdS5jb20vaHR0cDovd3d3Lm9wcGFrdS5jb20vc2VhcmNoIiwiYXIiOltdfX0.LtrVeKa1Pki24aRzEZ8YJVTsTptoD4p8B934huV4AvQ; expires=Sat, 02 Dec 2023 20:12:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 535f0294f08a380de24b5ca7d158f467
Strict-Transport-Security: max-age=0; includeSubdomains

resources.blogblog.com/img/navbar/icons_peach.png

142.250.74.41

907 B

URL
resources.blogblog.com/img/navbar/icons_peach.png
IP
142.250.74.41:0
ASN
#15169 GOOGLE

File type
PNG image data, 46 x 20, 8-bit colormap, non-interlaced\012- data
Size
907 B (907 bytes)
Hash
3718077fe5eb689b0ded987a52881d06
f0ce5596ef43f850c400cbbc0556697fb3e7b232
72be8098b87d7e2d7fbc6eb0a3eaebcf1013186d7733cd340549f9e1701a4865

HTTP Headers

GET /img/navbar/icons_peach.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 907
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 11:28:24 GMT
expires: Thu, 07 Dec 2023 11:28:24 GMT
cache-control: public, max-age=604800
last-modified: Thu, 30 Nov 2023 06:30:42 GMT
content-type: image/png
age: 204209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

resources.blogblog.com/img/navbar/arrows-light.png

142.250.74.41

117 B

URL
resources.blogblog.com/img/navbar/arrows-light.png
IP
142.250.74.41:0
ASN
#15169 GOOGLE

File type
PNG image data, 19 x 4, 8-bit/color RGBA, non-interlaced\012- data
Size
117 B (117 bytes)
Hash
25c2b0cfe0ad4dcda4a0e3727d091d80
b9d16f4311e64648b7970baf00cb9841e3c3351b
bb6685107846b4c25384202730b84ec168fecee197e5f9e3fe8ffdd5bed6749d

HTTP Headers

GET /img/navbar/arrows-light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 117
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:02:35 GMT
expires: Thu, 07 Dec 2023 02:02:35 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2023 17:00:16 GMT
content-type: image/png
age: 238158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

apis.google.com/js/platform:gapi.iframes.style.common.js

142.250.74.78

22 kB

URL
apis.google.com/js/platform:gapi.iframes.style.common.js
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2664)
Size
22 kB (21940 bytes)
Hash
b970f4ece0f21dae7d57dcbbbe1eb48b
52ab98370d3fc4bfd4c1b23cb3ed5dc1e37d779a
53dbcf2ac8d4a8d0a0fc4d5a15778fd36664923c87a60891a87bf8ec45535a91

HTTP Headers

GET /js/platform:gapi.iframes.style.common.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 21940
date: Sat, 02 Dec 2023 20:11:53 GMT
expires: Sat, 02 Dec 2023 20:11:53 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "f3d0fc258127dfc5"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
set-cookie: NID=511=UOrgNSDAgso6xy3eCqYqdmNQoNJ3AdexGu7YoMvu1Viq-AQdVCCvjuf4au2uTj_YBIa7BegVPpQu2-Pf1aSAu2hE-6CdPa-1vFuJmizYLmUsyjorjTVTPr1mPemiHBEwtb1c0xwiNHzM5eJNUR2I_dy7bcVhP0dWoJdbALBA9Mc; expires=Sun, 02-Jun-2024 20:11:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs

142.250.74.78

46 kB

URL
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1505)
Size
46 kB (45499 bytes)
Hash
a5139ae5276fac825f580dd8b48d0f72
2820e165c330673129cebdc8e7cf806e1620c0a0
2170ad362c9ba9f7ff9b642d2a9d72a263fff1cd47de3664c55d6a7462c4cbc3

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 45499
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 23:12:04 GMT
expires: Thu, 28 Nov 2024 23:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Nov 2023 22:37:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 248389
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

jeanspurrcleopatra.com/watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1&shu=ced4482df9864a36eabc07adcb827fb0abdcdcb196743161a3f930baa4f0a0d646aed823540002664ee96947357db5459ae221e359ad8fa486c1bf8197cdfd06e48b8c79abe1a209fdc68134ecb8d1b1f8762b52c52c3b0183ec5b7be60bfb&pst=1701547973&rmtc=t

192.243.59.12

643 B

URL
jeanspurrcleopatra.com/watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1&shu=ced4482df9864a36eabc07adcb827fb0abdcdcb196743161a3f930baa4f0a0d646aed823540002664ee96947357db5459ae221e359ad8fa486c1bf8197cdfd06e48b8c79abe1a209fdc68134ecb8d1b1f8762b52c52c3b0183ec5b7be60bfb&pst=1701547973&rmtc=t
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (603)
Size
643 B (643 bytes)
Hash
87a111e4dc8d436dca499c1a27865f58
b52e6fbbd5019b6efae4b4ee87f4881d865fcc56
3727823de6ce259e86b0741df902d4232c4786cf3b474a6cebda5770f250a009

HTTP Headers

GET /watch.409330851190.js?key=7605195a83806e997e087ef912696f5f&kw=%5B%22404%22%2C%22there%22%2C%22s%22%2C%22nothing%22%2C%22here%22%5D&refer=http%3A%2F%2Fwww.oppaku.com%2Fhttp%3A%2Fwww.oppaku.com%2Fsearch&tz=0&dev=e&res=14.3093&uuid=cdb70777-ec62-466c-87e7-c3bf2db6e62b%3A2%3A1&shu=ced4482df9864a36eabc07adcb827fb0abdcdcb196743161a3f930baa4f0a0d646aed823540002664ee96947357db5459ae221e359ad8fa486c1bf8197cdfd06e48b8c79abe1a209fdc68134ecb8d1b1f8762b52c52c3b0183ec5b7be60bfb&pst=1701547973&rmtc=t HTTP/1.1
Host: jeanspurrcleopatra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.oppaku.com
Referer: http://www.oppaku.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20557149; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDU1NzE0OSwiayI6Ijc2MDUxOTVhODM4MDZlOTk3ZTA4N2VmOTEyNjk2ZjVmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTY0Nzg5LCJwaWQiOjExNTY5NjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjcsInB0Ijo0LCJwayI6InBuMng3OGRweCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3d3Lm9wcGFrdS5jb20vaHR0cDovd3d3Lm9wcGFrdS5jb20vc2VhcmNoIiwiYXIiOltdfX0.LtrVeKa1Pki24aRzEZ8YJVTsTptoD4p8B934huV4AvQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 20:11:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.oppaku.com
Access-Control-Allow-Origin: http://www.oppaku.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cdb70777-ec62-466c-87e7-c3bf2db6e62b:2:1; expires=Sat, 09 Dec 2023 20:11:53 GMT; secure; SameSite=None
iprc0eb9fd1752524c5fac63a9b598b81a2c=2717342; expires=Sun, 03 Dec 2023 22:11:53 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 20:11:53 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 20:11:53 GMT; secure; SameSite=None
pdhtkv27=true; expires=Sun, 03 Dec 2023 20:11:53 GMT; secure; SameSite=None
uncs27=1; expires=Sun, 03 Dec 2023 20:11:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db9ee3b2c8bdad640c1ef00e242c0795
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

archaicin.com/pixel/sbe?t=1&error=timeout

173.233.137.60

0 B

URL
archaicin.com/pixel/sbe?t=1&error=timeout
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbe?t=1&error=timeout HTTP/1.1
Host: archaicin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20557149

173.233.137.60

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20557149
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (488)
Size
1.4 kB (1398 bytes)
Hash
3a2b22243863c5fdf2d224d26ac4d4ae
bf82b5484ee811f302eec4a843b449a7f8e4392d
b6ab53aa096a152b3bde461a41144f04c7c10e087e11286e50bb883b09980cd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20557149 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.oppaku.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Sun, 03 Dec 2023 20:11:54 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjA1NTcxNDkiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5vcHBha3UuY29tLyIsImFyIjpbXX19.KO0Gbp2we1OM9ayPOL06_LGEjEGtL0IASQ306u8Zwws; expires=Sat, 02 Dec 2023 20:12:54 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7af3d3a44fdeb576ae44a2e2841ebda8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNTU3MTQ5JnBzdD0xNzAxNTQ3OTc0JnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cub3BwYWt1LmNvbSUyRiZybXRjPXQmc2h1PTQ2NGQ1N2NiYWE5YjI2NmMwNTc2NzMwYWJhZWRiYjdiZWNhMWJiNTEzYjQ1ZjIwM2E1N2M1MWI1YmNmMGZjMGI1Y2EzMzUwMjRkOTc0ODRmODNhMWUzMDRhZmE1ZjNjYjU5NzA0M2E5NmQyM2ExNjk3Yjg1YjQ5OTlmMjBmODFjOTA5N2QwZTBmNDllZTUyN2YyM2EzY2YzYjgxNTRjOGY5NGM5OWU1OGJlNTdkMzMyMmY4NGE3YTJiYjQwODU5MTlkYjY1MQ%3D%3D&uuid=&pii=&in=false

173.233.139.164

0 B

URL
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNTU3MTQ5JnBzdD0xNzAxNTQ3OTc0JnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cub3BwYWt1LmNvbSUyRiZybXRjPXQmc2h1PTQ2NGQ1N2NiYWE5YjI2NmMwNTc2NzMwYWJhZWRiYjdiZWNhMWJiNTEzYjQ1ZjIwM2E1N2M1MWI1YmNmMGZjMGI1Y2EzMzUwMjRkOTc0ODRmODNhMWUzMDRhZmE1ZjNjYjU5NzA0M2E5NmQyM2ExNjk3Yjg1YjQ5OTlmMjBmODFjOTA5N2QwZTBmNDllZTUyN2YyM2EzY2YzYjgxNTRjOGY5NGM5OWU1OGJlNTdkMzMyMmY4NGE3YTJiYjQwODU5MTlkYjY1MQ%3D%3D&uuid=&pii=&in=false
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNTU3MTQ5JnBzdD0xNzAxNTQ3OTc0JnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cub3BwYWt1LmNvbSUyRiZybXRjPXQmc2h1PTQ2NGQ1N2NiYWE5YjI2NmMwNTc2NzMwYWJhZWRiYjdiZWNhMWJiNTEzYjQ1ZjIwM2E1N2M1MWI1YmNmMGZjMGI1Y2EzMzUwMjRkOTc0ODRmODNhMWUzMDRhZmE1ZjNjYjU5NzA0M2E5NmQyM2ExNjk3Yjg1YjQ5OTlmMjBmODFjOTA5N2QwZTBmNDllZTUyN2YyM2EzY2YzYjgxNTRjOGY5NGM5OWU1OGJlNTdkMzMyMmY4NGE3YTJiYjQwODU5MTlkYjY1MQ%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjA1NTcxNDkiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5vcHBha3UuY29tLyIsImFyIjpbXX19.KO0Gbp2we1OM9ayPOL06_LGEjEGtL0IASQ306u8Zwws; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ff1ddcb0fcaa0fbba6312a4535ae72e&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprcd4d26aed86460e1940742183bd4f1bc0=4641329; expires=Sun, 03 Dec 2023 20:11:55 GMT
pdhtkv=true; expires=Sun, 03 Dec 2023 20:11:55 GMT
uncs=1; expires=Sun, 03 Dec 2023 20:11:55 GMT
pdhtkv28=true; expires=Sun, 03 Dec 2023 20:11:55 GMT
uncs28=1; expires=Sun, 03 Dec 2023 20:11:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a12f597df0b11b7e7ec945fd08a0464
Strict-Transport-Security: max-age=0; includeSubdomains

violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ff1ddcb0fcaa0fbba6312a4535ae72e&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625

192.64.81.118

0 B

URL
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ff1ddcb0fcaa0fbba6312a4535ae72e&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ff1ddcb0fcaa0fbba6312a4535ae72e&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sat, 02 Dec 2023 20:11:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9bgy9a5ej; expires=Sun, 03-Dec-2023 20:11:55 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9bgy9a5ej-h9bgy9a5ej-hq1m-0-q5a4bl-ftxofe-ft8pdz-aa7f21; expires=Sun, 03-Dec-2023 20:11:55 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660
Strict-Transport-Security: max-age=31536000

vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660

104.21.22.161

0 B

URL
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660
IP
104.21.22.161:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 02 Dec 2023 20:11:55 GMT
content-length: 0
location: https://vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
set-cookie: zKByXHsQK0ydGD7DogbGyA=6; max-age=345600; path=/; samesite=lax
__pl=ddc8c811-e033-4e04-aa01-ab00877564ce; expires=Tue, 02 Dec 2025 20:11:55 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIFGf8gDU1QSpbzajU3P6wQ17DZr%2BT72mrWTHOHCJf%2FtSDZCrU%2FE51SbsBlZUuRod8Sm%2FBJKy22R%2FiyE6Y7A%2BUkz6KaaUF8c%2FBCq4dWFJ0%2BVm38NTsaDP%2BBtAXF6c12e3Ap8wP97IZ%2BQG1zq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f638ca0f351c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.veinmaster.top/file-download/assets/image.png

104.21.3.144

12 kB

URL
vvfal.veinmaster.top/file-download/assets/image.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 122 x 122, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12527 bytes)
Hash
b2b93a8154dcfe6199faf860f8e9a24c
b42d6383680ea3b211c21c3a9a66bbc91c14999f
fe5fdbc9efcbf786ef4524b69555f1d8037eae0e3eeea57bdcfc37c1f7e3a138

HTTP Headers

GET /file-download/assets/image.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 20:11:56 GMT
content-type: image/png
content-length: 12527
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-30ef"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3425
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VIyStDK8nftwJnGuk14PpztFxRE7UUl9fcRXam4%2FvMiJvZAQTT%2BhKSwGiteuXtj5Kmd79nmQMgsgxXb2QBjo85q13pZ9vm2I9f7yxs5Bj2MhaEKas7jkh2sTJ9f4Wxbdo%2FHPiHXZAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638cbe92a1bfa-OSL
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/file-download/assets/trls.js

104.21.3.144

1.8 kB

URL
vvfal.veinmaster.top/file-download/assets/trls.js
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
1.8 kB (1770 bytes)
Hash
6f3b07a57eb0d4256f3532212d78039a
daa87e26fd44ade4dcf4204b5eba2e9b1677bda1
8425140c1879ff0b04b65f55964f676797516c6c887f64622b21e185eadc15d1

HTTP Headers

GET /file-download/assets/trls.js HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 20:11:56 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-206b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3425
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=512WXMF0%2FVi80nmq%2FSbLL9coN1MguAhgfod7nf5OHEDX%2BQfPARbJ5W6H10fNNqLouJW0chNV9HIldrEXB7YolLiboMUBNQ1TH1u%2FKCpJx4SJNJRIAFs9PNpLKt%2FB%2B77RbVa60%2FYRcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638cbd9211bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.131

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 21:36:55 GMT
expires: Wed, 27 Nov 2024 21:36:55 GMT
cache-control: public, max-age=31536000
age: 340501
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.131

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:01:06 GMT
expires: Fri, 29 Nov 2024 05:01:06 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 227450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.veinmaster.top/file-download/assets/image.png

104.21.3.144

12 kB

URL
a.veinmaster.top/file-download/assets/image.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 122 x 122, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12527 bytes)
Hash
b2b93a8154dcfe6199faf860f8e9a24c
b42d6383680ea3b211c21c3a9a66bbc91c14999f
fe5fdbc9efcbf786ef4524b69555f1d8037eae0e3eeea57bdcfc37c1f7e3a138

HTTP Headers

GET /file-download/assets/image.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 20:11:56 GMT
content-type: image/png
content-length: 12527
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-30ef"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6272
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTeB8uUHxi7JYBQy4nOn%2B5em%2FYZsquS87RtGq2fgrnC6deKZn90m0KKtp5V%2BTJXqxnug41PuXirS1vdThmHL4xvpyZXEZbrKnfEiIcJ8FlbTmaeXEpGpdMc6UR8M7WxgG3fh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638ceab511bfa-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/favicon.ico

104.21.3.144

0 B

URL
a.veinmaster.top/favicon.ico
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 02 Dec 2023 20:11:56 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6584
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Mn%2B%2BJpEC2uToeCfJEjn3qKpNZnhOfOm6KuREY6Yz7FTdw1PBqxNKyfq686gYNlK8bTnZfnhzlNRGJ%2BKWxKfvDGtm%2FzTL%2F0yG0m2eN6gOx3J%2FBkqktP9p%2B5oacXUush9Jd%2Ba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638cf5c671bfa-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.131

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 21:36:55 GMT
expires: Wed, 27 Nov 2024 21:36:55 GMT
cache-control: public, max-age=31536000
age: 340501
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.131

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:01:06 GMT
expires: Fri, 29 Nov 2024 05:01:06 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 227450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.veinmaster.top/file-download/assets/style.css

104.21.3.144

2.9 kB

URL
a.veinmaster.top/file-download/assets/style.css
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (366), with CRLF line terminators
Size
2.9 kB (2872 bytes)
Hash
af5d9c179345e7b19477f607ba1b96b3
101d2dbe6372617383151b22662dc6c6ca244b64
eff4557c2e618f7889262f436c56f171bcad972d122db3fb3f98e1ad30d4d2ce

HTTP Headers

GET /file-download/assets/style.css HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 20:11:56 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-1c16"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6272
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BKpXWsg0lEnCdKxZ%2BqoB2YTRP1iPGLg79c9%2BQG%2BPtsVS1GaE7apo8kUvNLhIWKaAfLC9StPyQwfqqHKgtJ6aAKwGQH1RTHcnl8wERq4%2BB31d26%2FstuTzCPhlAPamQ6x62Ca"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638ceab4f1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215

104.21.3.144

643 B

URL
vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
643 B (643 bytes)
Hash
eedad9ae31a7b3a65e054b6d21c221ab
293ba6768dc1b89bffee6fa08773fd5b406998f9
f318b05eade0df49be0196d3644f9297123b0b81abb10756fd5d68fac6bcda54

HTTP Headers

GET /file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:55 GMT
content-type: text/html
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qiKQlLTTuh3NLFXVPi2WhcqwT4Jg%2BSmweZuCsBSvn2I%2B85pwEVlDvDg3JPN859CfKn0qD37UXto7EsnDG2P%2B2f7nqboEqZUPGQryFBWNqKXNtu3CY5ooZ5lXIzskJzstuVTiS5ZxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f638caac5f0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905

13.107.246.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; domain=.unibet.com; expires=Mon, 02-Dec-3022 20:11:58 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0jo9rZQAAAACYX+4YBj1qTJOfOf6lQrO3U1ZHMjBFREdFMDUwOAAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Sat, 02 Dec 2023 20:11:57 GMT
content-length: 0
X-Firefox-Spdy: h2

GET www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 02 Dec 2023 20:11:58 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node0e0shwxhxw7db1p6uy6acomvqh5811385.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0e0shwxhxw7db1p6uy6acomvqh; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 20:11:58 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 20:11:58 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 20:11:58 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 02 Dec 2023 20:11:58 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

GET www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8915201898AE423CBA248172B7F1C1BA&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 02 Dec 2023 20:11:58 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 02 Dec 2023 20:11:58 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 02 Dec 2023 20:11:59 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638df5c3a5687-OSL
X-Firefox-Spdy: h2

GET a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:33:53 GMT
expires: Thu, 28 Nov 2024 17:33:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 268686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521

172.64.144.152

200 OK

12 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
12 kB (12097 bytes)
Hash
698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:58 GMT
content-type: text/html; charset=utf-8
cf-ray: 82f638dc88f35687-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: eac4dd51-e01e-0026-2e5b-255a1a000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_8915201898AE423CBA248172B7F1C1BA;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

172.64.144.152

200 OK

98 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 82f638e17e6a5687-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 138764
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

GET welcome.unibet.com/custom.js

172.64.144.152

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/custom.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
13 kB (12982 bytes)
Hash
7bf01e92dd55d5fa298f55fbcb9afd30
4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc
2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript
cf-ray: 82f638df4c1e5687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 237507
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/widget/betslip/betslip.js

172.64.144.152

200 OK

71 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
71 kB (71191 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82f638e0fdf75687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 130099
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.141.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1700490
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQqjTUBdR8u3%2BmNMi2B3QIWipmaaM5JLbEZBRrmEgtQO74eU6xChZhrcU0R8rfjqSGaq1p6GrjZMTAsqRp7xCMBAxqQgOWw1wvxlCJkncbQklFgtyoA7tYKdPRX0rU9d1bd5kALw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f638e1c8746582-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

172.64.144.152

200 OK

18 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, ASCII text
Size
18 kB (17505 bytes)
Hash
ac64b59c98bbe50cf69b6c98fa39585c
0a5cc9fb43b8a208481baaf752dbd504078a764b
28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82f638df3c175687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 141308
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

vvfal.veinmaster.top/shared-js/assets/static-pl.js?v=2

104.21.3.144

17 kB

URL
vvfal.veinmaster.top/shared-js/assets/static-pl.js?v=2
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
17 kB (16953 bytes)
Hash
7224243dd0b18bb2508a1d77d4b2a0b2
bd833c24aa241861316053fd8bd46a1bef3d343f
920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659

HTTP Headers

GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/file-download/?pl=zKByXHsQK0ydGD7DogbGyA&sm=file-download&click_id=4aa51h9bgy9a5ejbbc&sub_id=16122660&nrid=c352d2d61b77461496cbad2b06f48055&hash=lWOb44FSx8WJiUlE4gA_Ew&exp=1701548215
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 20:11:56 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2379
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGBrBSM86urAkJQHQ8YOO1h5D%2FHnPyFAtsgGmgtWdaSg6duILFcbn9e%2BMpvZoPjeOcM2kHJvtDYdmM4qM191%2BbxERay4Xel4uffZh7fN7hwfYx8c%2FIKiPs706MROkgMnZdZ1NzzIqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638cbe92d1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=Roboto:300,400,500

142.250.74.138

200 OK

16 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
16 kB (16422 bytes)
Hash
0e91331d84473525845dc7cd12371eb4
0caf048f61bbea7f5f8b0d04096f00f9260c73a2
f22a950391bb5ba2d67ee36e3099aedceae49895ec0d4680d62eee632e3d23e8

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 02 Dec 2023 20:11:59 GMT
date: Sat, 02 Dec 2023 20:11:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

172.64.144.152

200 OK

3.2 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Size
3.2 kB (3207 bytes)
Hash
910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c225687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 316071
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

200 OK

16 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
16 kB (15888 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c275687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 143966
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTQ3OTc3JnJtdGM9dCZzaHU9NTBjMzM0YzgwYTZhMzY4YzRhYWNhZjI5NjFjNDIyZWQ5MzM4YmMwOGIxMDZkMzk5YzAyZGY5MTVhZjA5MzA0YzAxODUwODUzMzU2MjFiNzM2ZTg1MzQ3Y2Q4OGVkZThjNzdkNGEzNjBjODU0YTk2YzYzNmIwN2M4NjgwMmE5NWYyODUxYWZkNjcxNDhmOTIzYmRjMTRhZDViM2EyOTcxYWY1NDM3ODI3ZWEwMWVmZjBhZTZjMmFlY2EyNzhlYQ%3D%3D&uuid=&pii=&in=false

173.233.137.36

302 Found

17 kB

URL User Request GET HTTP/1.1
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTQ3OTc3JnJtdGM9dCZzaHU9NTBjMzM0YzgwYTZhMzY4YzRhYWNhZjI5NjFjNDIyZWQ5MzM4YmMwOGIxMDZkMzk5YzAyZGY5MTVhZjA5MzA0YzAxODUwODUzMzU2MjFiNzM2ZTg1MzQ3Y2Q4OGVkZThjNzdkNGEzNjBjODU0YTk2YzYzNmIwN2M4NjgwMmE5NWYyODUxYWZkNjcxNDhmOTIzYmRjMTRhZDViM2EyOTcxYWY1NDM3ODI3ZWEwMWVmZjBhZTZjMmFlY2EyNzhlYQ%3D%3D&uuid=&pii=&in=false
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTQ3OTc3JnJtdGM9dCZzaHU9NTBjMzM0YzgwYTZhMzY4YzRhYWNhZjI5NjFjNDIyZWQ5MzM4YmMwOGIxMDZkMzk5YzAyZGY5MTVhZjA5MzA0YzAxODUwODUzMzU2MjFiNzM2ZTg1MzQ3Y2Q4OGVkZThjNzdkNGEzNjBjODU0YTk2YzYzNmIwN2M4NjgwMmE5NWYyODUxYWZkNjcxNDhmOTIzYmRjMTRhZDViM2EyOTcxYWY1NDM3ODI3ZWEwMWVmZjBhZTZjMmFlY2EyNzhlYQ%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 20:11:58 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Sun, 03 Dec 2023 20:11:58 GMT
uncs=1; expires=Sun, 03 Dec 2023 20:11:58 GMT
pdhtkv28=true; expires=Sun, 03 Dec 2023 20:11:58 GMT
uncs28=1; expires=Sun, 03 Dec 2023 20:11:58 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bffad4df0435bcb46b40f94eb84484ef
Strict-Transport-Security: max-age=0; includeSubdomains

GET welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg

172.64.144.152

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Size
13 kB (12666 bytes)
Hash
7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c285687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 231794
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 218544
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg

172.64.144.152

200 OK

807 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Size
807 B (807 bytes)
Hash
f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda

HTTP Headers

GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c265687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 309646
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.28

200 OK

74 kB

URL GET HTTP/2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg

172.64.144.152

200 OK

1.1 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Size
1.1 kB (1066 bytes)
Hash
72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c305687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 236030
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg

172.64.144.152

200 OK

966 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Size
966 B (966 bytes)
Hash
60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df5c385687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 239652
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

216.58.207.200

200 OK

192 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
216.58.207.200:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
192 kB (192188 bytes)
Hash
422ecd3802e05c506d969d789fc58db2
d1ee77bd95bf2079e68393c86d5825466a75a509
99ee9f2740080ba68338e1b3bfc43c30f0cac67e8fedddc90a98689163930f0e

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 20:11:59 GMT
expires: Sat, 02 Dec 2023 20:11:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 02 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67305
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

172.64.144.152

200 OK

4.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Size
4.5 kB (4514 bytes)
Hash
cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82f638df3c145687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 46761
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.8 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (1881), with no line terminators
Size
1.8 kB (1797 bytes)
Hash
695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

172.64.144.152

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Size
1.5 kB (1481 bytes)
Hash
49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df5c395687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 131017
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

172.64.144.152

200 OK

32 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
32 kB (31807 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df5c3b5687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 309722
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 227665
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: text/html;charset=utf-8
x-request-id: 0d48f1e31b3100fe34cff41bc74b3135
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Sat, 02 Dec 2023 20:12:18 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

GET www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: text/html;charset=utf-8
x-request-id: 0d48f1e31b3100fe34cff41bc74b3135
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Sat, 02 Dec 2023 20:12:18 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

172.64.144.152

200 OK

5.7 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Size
5.7 kB (5740 bytes)
Hash
e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/svg+xml
cf-ray: 82f638df4c2f5687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 227491
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

104.16.48.126

200 OK

25 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:12:00 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638e5ee500b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

172.64.144.152

200 OK

22 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
22 kB (22452 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: text/css; charset=utf-8
cf-ray: 82f638df3c125687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 224639
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no

104.40.147.180

200 OK

4.7 kB

URL GET HTTP/2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
104.40.147.180:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0

HTTP Headers

GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 02 Dec 2023 20:11:59 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico

172.64.144.152

200 OK

421 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
421 B (421 bytes)
Hash
ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed

HTTP Headers

GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: image/x-icon
cf-ray: 82f638e28f9e5687-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 309575
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 254106
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg

104.16.48.126

200 OK

1.1 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1053 bytes)
Hash
8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872

HTTP Headers

GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:12:00 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638e5de470b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

200 OK

11 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701547918416)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231222011%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210654686650%7c1%22%7d%5d; __ucbt=node0e0shwxhxw7db1p6uy6acomvqh; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_8915201898AE423CBA248172B7F1C1BA; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8915201898AE423CBA248172B7F1C1BA%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_8915201898AE423CBA248172B7F1C1BA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82f638e19e995687-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 237412
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

GET use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.141.13

200 OK

54 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54456), with no line terminators
Size
54 kB (54456 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:11:59 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1700974
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkwcEVQosDbhNYfm6xjJK7zZ70laT3Hmjufkm2e6T%2F6wUxn1uqv5gtjwlBITsYX9IiSW8Jhpou2n1n0Bfa1fkB1my41CUgyx%2B2%2B4R1C2pcY3H4FM5tH1%2FEujvlX94Zgx1IW%2B9m0m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f638dfcd476582-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

104.16.48.126

200 OK

4.9 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_8915201898AE423CBA248172B7F1C1BA&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 20:12:00 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 474
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f638e5ee4d0b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by