Report - game-2u.com

Report Overview

Visited public
2023-12-03 14:17:20
Tags
URL
game-2u.com
Finishing URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
IP / ASN
104.21.32.109
#13335 CLOUDFLARENET
Title
Unibet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
definedbootnervous.com	unknown	2023-05-22	2023-05-22 04:09:17	2023-11-09 15:35:31	894 B	23 kB	192.243.59.20
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-12-02 10:00:20	404 B	9.6 kB	104.21.11.245
vvfal.rigelbetelgeuse.top	unknown	2023-05-11	2023-05-11 14:25:20	2023-12-03 05:47:50	608 B	1.0 kB	172.67.205.133
vvfal.veinmaster.top	unknown	2023-11-23	2023-11-26 13:21:34	2023-12-02 11:47:04	3.2 kB	29 kB	104.21.3.144
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-03 05:47:54	1.4 kB	1.7 kB	85.184.96.5
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2023-12-03 12:34:56	461 B	53 kB	216.58.207.226
dragnag.com	unknown	2023-11-28	2023-11-28 12:52:23	2023-11-29 05:37:34	3.4 kB	30 kB	173.233.137.60
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-12-02 11:37:48	1.9 kB	1.4 kB	192.243.59.20
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-02 14:42:08	589 B	1.4 kB	13.107.213.53
static.a-ads.com	34827	2012-07-07	2013-06-01 18:47:05	2023-12-02 05:54:55	963 B	753 kB	78.46.33.196
a.veinmaster.top	unknown	2023-11-23	2023-11-24 09:28:59	2023-12-02 05:39:59	2.5 kB	27 kB	104.21.3.144
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-03 07:59:58	445 B	31 kB	142.250.74.138
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-03 05:10:51	1.0 kB	99 kB	172.64.140.13
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-02 16:29:19	1.4 kB	2.0 kB	85.184.96.5
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	869 B	262 kB	142.250.74.168
game-2u.com	79791	2018-10-10	2016-01-30 19:40:16	2023-11-04 23:36:11	16 kB	968 kB	172.67.185.244
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-03 05:12:08	2.4 kB	1.7 kB	18.157.203.0
pixel.wp.com	2545	1997-03-28	2017-01-30 06:31:40	2023-12-03 05:09:44	1.1 kB	478 B	192.0.76.3
woafoame.net	unknown	2022-10-26	2022-10-26 14:50:26	2023-11-22 17:09:29	846 B	29 kB	139.45.197.239
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-12-03 05:12:09	452 B	67 kB	45.133.44.10
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-03 05:47:53	7.1 kB	186 kB	85.184.96.28
c0.wp.com	6988	1997-03-28	2018-09-24 17:59:05	2023-12-02 18:36:36	1.4 kB	97 kB	192.0.77.37
vintageperk.com	unknown	unknown	No data	No data	3.4 kB	28 kB	192.243.61.227
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-03 07:56:40	1.4 kB	32 kB	142.250.74.35
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-02 11:47:07	30 kB	241 kB	172.64.144.152
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-03 05:09:13	1.4 kB	8.0 kB	104.17.24.14
stats.wp.com	2711	1997-03-28	2017-01-30 06:06:59	2023-12-03 05:09:43	406 B	18 kB	192.0.76.3
gracesmallerland.com	unknown	2023-11-28	2023-11-28 10:18:24	2023-12-02 14:13:15	494 B	467 B	192.243.59.12
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-12-03 05:12:51	725 B	423 B	192.243.59.12
cdnstatic.veinmaster.top	unknown	2023-11-23	2023-11-26 05:26:39	2023-12-02 05:39:59	744 B	3.3 kB	104.21.3.144
cdn.bannerflow.com	23819	2008-06-03	2018-02-22 13:57:21	2023-12-02 18:16:18	1.5 kB	33 kB	104.16.48.126
images.vfl.ru	275945	2001-02-13	2012-10-04 04:24:47	2023-11-18 11:11:14	2.7 kB	355 kB	78.24.223.39
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-12-03 05:38:07	531 B	479 B	139.45.195.254
bannerflow-feed-builder.azurewebsites.net	659103	2012-01-24	2017-11-23 14:27:15	2023-12-01 22:20:00	606 B	5.5 kB	104.40.147.180
i0.wp.com	3021	1997-03-28	2013-09-17 08:14:42	2023-12-03 05:25:53	7.0 kB	201 kB	192.0.77.2
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	950 B	26 kB	142.250.74.106
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-12-02 19:44:00	421 B	29 kB	104.21.234.33
violationphysics.click	unknown	2023-02-10	2023-02-11 18:32:06	2023-12-02 11:47:04	926 B	601 B	192.64.81.118
www.toprevenuegate.com	unknown	2023-10-20	2023-10-23 18:22:31	2023-12-02 05:14:39	2.4 kB	3.9 kB	173.233.139.164
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.6 kB	50 kB	142.250.74.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 14:17:12	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	definedbootnervous.com	Sinkholed
2023-12-03	medium	definedbootnervous.com	Sinkholed
2023-12-03	medium	dragnag.com	Sinkholed
2023-12-03	medium	vintageperk.com	Sinkholed
2023-12-03	medium	fleraprt.com	Sinkholed
2023-12-03	medium	dragnag.com	Sinkholed
2023-12-03	medium	dragnag.com	Sinkholed
2023-12-03	medium	vintageperk.com	Sinkholed
2023-12-03	medium	gracesmallerland.com	Sinkholed
2023-12-03	medium	vintageperk.com	Sinkholed
2023-12-03	medium	unseenreport.com	Sinkholed
2023-12-03	medium	conqueredallrightswell.com	Sinkholed
2023-12-03	medium	toprevenuegate.com	Sinkholed
2023-12-03	medium	toprevenuegate.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (27)

	URL	From	Size	First Seen	Last Seen
	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.28 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js	ScriptElement	4.5 kB	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5795 Hash 04fc48de78cbfc5d1557e9df399c7733 e1bf77a4fef1943b0eab404c4abbe9477cb373e0 4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	307 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5790 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	ScriptElement	5.4 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5792 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-03	2023-12-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 09:52 Last Seen2023-12-04 08:24 Times Seen14 Hash 92d171495e439f65242c49fe1ab31fcb fab0faf1ea3cb1e57e0bffbbdcffb6422be0c71f 88d5724ba1c2bb46163f114514f8cee2e24c05545a5e2449c3786d4113b13d68 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	welcome.unibet.com/custom.js	ScriptElement	5.9 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/custom.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5794 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	295 B	2023-09-13	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-13 20:26 Last Seen2024-08-21 06:57 Times Seen5369 Hash c19afddc1697308e0ef68fc2225c7f22 c77de15393ad1ee1d0d49afd6cc7c1cdefa9a5b4 7d80f28d2d8c0b322d667bc27797d7e01c2e90fa2a7d1025db04252d5b83f202 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	218 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 06:57 Times Seen5369 Hash 91824c153a2424389807187ea41b9137 0ac7bf21044c90de1568152896efb9466c90b412 74abc0c84e63335fab7da57b01856b457f332b55d1ae539baadb180b13be726c Loading...

	welcome.unibet.com/widget/betslip/betslip.js	ScriptElement	15 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5796 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	92 B	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5784 Hash 7f0f3c1a6218ba26e0a2303513a4b789 a8d06c9a0d0b367220509b18213f6b102f4b4fc0 faffe243fd7f581af68fd7dafdf86ff1e5c0824831f03d5758cb309da65fddda Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	ScriptElement	1.8 kB	2023-03-07	2025-02-02
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen4745 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	364 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5771 Hash b7207d294237fb810195b41fdd3cac28 ff7ef257957cbc2074fa5814177bb7cbbac44eb2 12f39122cef3c11903118c0f4769199ddc1e0e5ba13d7dbe8373e5c77391baf5 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 09:58 Times Seen57544 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

		Size	First Seen	Last Seen
	#1 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#2 Eval - bd1d1128dc7ef2964d58135b51f72fb9	6.3 kB	2024-08-20 16:56	2024-08-20 16:56
Pretty Observations First Seen2024-08-20 16:56 Last Seen2024-08-20 16:56 Times Seen1 Hash bd1d1128dc7ef2964d58135b51f72fb9 b763c426c025794526fffcef54673986a929a2c0 a79a835cf6faecbc87b0be3b95114c206b47ca90338faaf6adcc3883b25302ed Loading...

	#3 Eval - 6bc5d9865033d8f3182ae4be1dbd4fd8	471 B	2023-11-27 03:47	2024-08-20 17:47
Pretty Observations First Seen2023-11-27 03:47 Last Seen2024-08-20 17:47 Times Seen5 Hash 6bc5d9865033d8f3182ae4be1dbd4fd8 1917f83ec3dc0d011f9a244f2113753a5b684899 c64b99fce5b79cbb0e5160edaad3e80628d4e31ddcce8ace403d3f7d78943a74 Loading...

	#4 Eval - c0fc74d06e32d34d2649a0a5ab195603	2.1 kB	2024-08-20 16:56	2024-08-20 16:56
Pretty Observations First Seen2024-08-20 16:56 Last Seen2024-08-20 16:56 Times Seen1 Hash c0fc74d06e32d34d2649a0a5ab195603 40266fe9a61bc3a2efc19d36ca2729a7cec0cb5f 1d8a992c01bc1b4a6eb299a57cc40b17178e5c28890f14e122b3a040c3ba7a7b Loading...

		Size	First Seen	Last Seen
	#1 Write - a89e2d6dbfc9b84c7fcff241ae466e67	120 B	2023-06-08 22:09	2024-08-21 07:44
Pretty Observations First Seen2023-06-08 22:09 Last Seen2024-08-21 07:44 Times Seen26 Hash a89e2d6dbfc9b84c7fcff241ae466e67 350e63894c038f1f9a9d8d28079147077249300f f54b46b1f4f05a1d6cfc74bb267115bbac4ad51d6ab7e57d7ac2db2c8c825e8b Loading...

	#2 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

	#3 Write - 8d7c3e0ad7d4adf583a2d846917ccbcf	120 B	2023-06-08 22:09	2024-08-21 07:44
Pretty Observations First Seen2023-06-08 22:09 Last Seen2024-08-21 07:44 Times Seen26 Hash 8d7c3e0ad7d4adf583a2d846917ccbcf 80b709e027ca673aeb85050ec683aa6b03780476 0e4374a855c697e9dc79a7be9ffaa1d58eab36c36723d73f8cb91ce216a7f207 Loading...

HTTP Transactions (141)

URL IP Response Size

i0.wp.com/images.vfl.ru/ii/1700325139/9ec170ed/39061539.jpg?ssl=1

192.0.77.2

40 kB

URL
i0.wp.com/images.vfl.ru/ii/1700325139/9ec170ed/39061539.jpg?ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
40 kB (40122 bytes)
Hash
5eedbfeb1e81a171f569bc2aea880dea
15efd3c35fb47ef324f053677a315bb1e1118b0a
6f2d680fc9b08ac6fa91680a143b126fba3696ac3615b0b265348bbe55c745db

HTTP Headers

GET /images.vfl.ru/ii/1700325139/9ec170ed/39061539.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: image/webp
content-length: 40122
last-modified: Sat, 02 Dec 2023 18:20:22 GMT
expires: Tue, 02 Dec 2025 06:20:22 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1700325139/9ec170ed/39061539.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5fde0a69d448e3f7"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1701553557/0202fcfe/39070039.jpg?ssl=1

192.0.77.2

32 kB

URL
i0.wp.com/images.vfl.ru/ii/1701553557/0202fcfe/39070039.jpg?ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31814 bytes)
Hash
54104bd9a71269fe62d519462dd16ee7
ce89c573d9f8fd846ca2fc0a39e1dd4db79c816d
ac9eaca474bd58dddf11622c65f87253d2074215cb8ed064d572d43c004c51cb

HTTP Headers

GET /images.vfl.ru/ii/1701553557/0202fcfe/39070039.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: image/webp
content-length: 31814
last-modified: Sat, 02 Dec 2023 22:00:40 GMT
expires: Tue, 02 Dec 2025 10:00:40 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1701553557/0202fcfe/39070039.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "4d73082d1ff29ddf"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1701605642/845a8c07/39070190.jpg?ssl=1

192.0.77.2

28 kB

URL
i0.wp.com/images.vfl.ru/ii/1701605642/845a8c07/39070190.jpg?ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (28480 bytes)
Hash
c386eebe9d1b1e56856d91ae6d468a20
079a18c9cbb7df11ec9fec14c9186d87e0b7a982
490c30dd032026cb96034077a04c5d4f7455d5eb62bc16f963abb67e3332e7be

HTTP Headers

GET /images.vfl.ru/ii/1701605642/845a8c07/39070190.jpg?ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: image/webp
content-length: 28480
last-modified: Sun, 03 Dec 2023 12:22:14 GMT
expires: Wed, 03 Dec 2025 00:22:14 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1701605642/845a8c07/39070190.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a762eeaf61ccdc1d"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2019/07/Game2u-web.png?w=400&ssl=1

192.0.77.2

6.2 kB

URL
i0.wp.com/game-2u.com/wp-content/uploads/2019/07/Game2u-web.png?w=400&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
6.2 kB (6158 bytes)
Hash
eaf72cc3af90419ec0aa491668f75a3e
f54ed88dd15522601d457c4d749564f733cfe0bc
e85b1bca5ed77bcc7bcb77f7a47cedac9da03da7565d61ae3b3c371daa4454f7

HTTP Headers

GET /game-2u.com/wp-content/uploads/2019/07/Game2u-web.png?w=400&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: image/webp
content-length: 6158
last-modified: Sun, 19 Jun 2022 07:37:36 GMT
expires: Tue, 18 Jun 2024 19:37:36 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2019/07/Game2u-web.png>; rel="canonical"
x-content-type-options: nosniff
etag: "29b31a5b8481f5b3"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1

104.17.24.14

3.2 kB

URL
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-1ed1"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 286214
expires: Fri, 22 Nov 2024 14:17:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jV4fAW5IuOYLMO3C7wqDnHJgcXZZpmYXgQKa0v3svEL%2BoXNmu%2FDq0ex90OvwqBG%2BC6n%2FLIAZ5%2ByKqNyGVNlTCo%2B0vhxM6Cb9SVeHsxuJMFqGNhnF7fzKGjUd2uaP82HW8tOtY3lV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82fc6e46bdce56c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1

104.17.24.14

1.1 kB

URL
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3036)
Size
1.1 kB (1101 bytes)
Hash
94279a9a0c4060a96efcf1da47716f86
ea88b3fd8b01a8b86edfd0f4120cc9a834893018
d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 544506
expires: Fri, 22 Nov 2024 14:17:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqlNmFsBiBsiwYjuzKqJIQxrejPicrVFqiQ0m55rUUYNTdmoN9MpDfr%2BiZKfZGwx7ZiZalp4EWLAKwX7xnuiZRY7TVo1pZQtqlvdlIhxnf1ywqPWYhhXT3c58uwxrdHRyx0m4b%2FH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82fc6e46bdd956c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1

104.17.24.14

677 B

URL
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.4.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-750"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 541864
expires: Fri, 22 Nov 2024 14:17:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BOnD8r1Fxp%2FEMOkTDfJUTi%2B9TxaYLGeHJL3rnO%2FzJvNHYo3zSSO4wu%2BDrkYTV7UnLVDDHKeV8iL9DyJB7haKGqVd7QSejszvv8Vjn4Fr7vBlk2ZDtxmk%2BlOr6fX%2BDPq5PjdZGMl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82fc6e46bde356c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

images.vfl.ru/ii/1690403507/02cb09cd/38977707.jpg

78.24.223.39

23 kB

URL
images.vfl.ru/ii/1690403507/02cb09cd/38977707.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
23 kB (23211 bytes)
Hash
42b443f40a8cfdc534343e3412713962
46da1806e161f61d2a9386f4efc7a27a0bfdc4bc
f06b85e731ad19b3e1f25d17361313a00ffafa9973449664c9f1db92df82b08c

HTTP Headers

GET /ii/1690403507/02cb09cd/38977707.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 23211
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 26 Jul 2023 20:31:47 GMT
ETag: "64c182b3-5aab"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg

78.24.223.39

68 kB

URL
images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.9], baseline, precision 8, 549x700, components 3\012- data
Size
68 kB (68045 bytes)
Hash
1d489a5f2d8533ddbb683993afa2a087
ce600f89bba4bffdbd21204d2498f2ec4d1f2558
731c8ad8f708a27994e45a1a2c5c7863260bf7fe7320ebc9c8c67bac794b892f

HTTP Headers

GET /ii/1696250976/cac8d0a1/39022607.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 68045
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Mon, 02 Oct 2023 12:49:36 GMT
ETag: "651abc60-109cd"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg

78.24.223.39

106 kB

URL
images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.12], baseline, precision 8, 549x700, components 3\012- data
Size
106 kB (105781 bytes)
Hash
9dc4765aa80f4e02583f392520410f7d
c80b5028f0906222650d653e93c008d8535b8234
5e66e0396362c5453351b8ba2b4677f8869decba00c68f76731f49fd6ceb59b1

HTTP Headers

GET /ii/1668003490/1ef4e00b/38638574.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 105781
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Wed, 09 Nov 2022 14:18:33 GMT
ETag: "636bb6b9-19d35"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1679707845/154521c0/38824712.jpg

78.24.223.39

21 kB

URL
images.vfl.ru/ii/1679707845/154521c0/38824712.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.2], baseline, precision 8, 549x700, components 3\012- data
Size
21 kB (20810 bytes)
Hash
5c222f37cc01fe0042cf73429c604e1d
824df2344dbfa149b1c925bc6f95d7339a178c9d
35fd75a84fac33612e2c3dd1a092cfc8f354ef2495b68d63c8d1940d698a0bde

HTTP Headers

GET /ii/1679707845/154521c0/38824712.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 20810
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sat, 25 Mar 2023 01:31:33 GMT
ETag: "641e4ef5-514a"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg

78.24.223.39

68 kB

URL
images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.12], baseline, precision 8, 549x700, components 3\012- data
Size
68 kB (67587 bytes)
Hash
8cd3e7be15a0f6c27a008a03a366d957
718878aab13bb0244159f178d503b85e03f2b242
6bfc5350b01c4ff9f669eed2db95a393d044bbb15d07af5fdbafffe734f58ab3

HTTP Headers

GET /ii/1670535497/93cfc2bd/38665474.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 67587
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 08 Dec 2022 21:38:46 GMT
ETag: "63925966-10803"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg

78.24.223.39

68 kB

URL
images.vfl.ru/ii/1696928090/cd438cd8/39032848.jpg
IP
78.24.223.39:0
ASN
#29182 JSC IOT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 5.0.10], baseline, precision 8, 549x700, components 3\012- data
Size
68 kB (67501 bytes)
Hash
aba5fa2dad062796c5469181bcc8a834
9fedaa50b2c06acbf5836cb1c41f5b631a7eddb4
35c75ed0adcbbacadbcfd3bbf6c630220c59e663decabc5bdaf25633abe15b3d

HTTP Headers

GET /ii/1696928090/cd438cd8/39032848.jpg HTTP/1.1
Host: images.vfl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 14:17:01 GMT
Content-Type: image/jpeg
Content-Length: 67501
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Tue, 10 Oct 2023 08:54:50 GMT
ETag: "6525115a-107ad"
Expires: Tue, 02 Jan 2024 14:17:01 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=UA-262573192-3

142.250.74.168

69 kB

URL
www.googletagmanager.com/gtag/js?id=UA-262573192-3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (4179)
Size
69 kB (69056 bytes)
Hash
d991ac4779f4dfcf6a9e5d45902fffe2
9330500c49b4ab5706769b9fc824567ee8ab13ce
b5ece0e4bba113b096b21baabe011a6a31307fd989688c960bd2af56ab771201

HTTP Headers

GET /gtag/js?id=UA-262573192-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 14:17:01 GMT
expires: Sun, 03 Dec 2023 14:17:01 GMT
cache-control: private, max-age=900
last-modified: Sun, 03 Dec 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

game-2u.com/wp-content/uploads/2023/11/NARUTO-X-BORUTO-Ultimate-Ninja-STORM-CONNECTIONS-RUNE-PC.jpg

172.67.185.244

29 kB

URL
game-2u.com/wp-content/uploads/2023/11/NARUTO-X-BORUTO-Ultimate-Ninja-STORM-CONNECTIONS-RUNE-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
29 kB (28884 bytes)
Hash
7b067d49ff4fdf8c38ffad6650279ce8
36a98b07daabbaa4231d0e0ee9dd3c4eebb353e7
a157c9cd33976990b2037aafa35831bf0ae7ec4fcb8f4baef45a72f4a676d723

HTTP Headers

GET /wp-content/uploads/2023/11/NARUTO-X-BORUTO-Ultimate-Ninja-STORM-CONNECTIONS-RUNE-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 28884
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 16 Nov 2023 23:06:47 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPwvcLTZPL%2Farki3syoqsyQ36sNif%2FBjxDuZPCaPF970mu4E0V1cDqKmKJ7Md0gFpoaKd5%2BEF%2BAoI8p%2BXVo0%2F1KAyGht7v60RU%2BcQ7MBi908nEki7oI2FbbmkH%2BetA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e453999b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/10/Starfield-v17360-Repack-PC.png

172.67.185.244

145 kB

URL
game-2u.com/wp-content/uploads/2023/10/Starfield-v17360-Repack-PC.png
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 241 x 339, 8-bit/color RGB, non-interlaced\012- data
Size
145 kB (145342 bytes)
Hash
f6c84a675ce802cdfa151e877f32e13a
9a526d5f007b62d209a61d42539bef2db6bdfec8
142fed611e16226b3f7de06b89899295c8a34190cd005d950c2e146b6224b9ba

HTTP Headers

GET /wp-content/uploads/2023/10/Starfield-v17360-Repack-PC.png HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/png
content-length: 145342
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 18 Oct 2023 15:26:43 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hnssS5j6DEkApwbOL4p6dkcELTNpH6mMOBwScsgkJvK76Mg7tFs42yvVPJSwcnrCAmNwnnyPziqC7f3h%2FHsz6NQYbUKPYftInHVE7K4Uob0mI5t%2BhQvRV%2BB6cKeyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e45399db517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

172.67.185.244

16 kB

URL
game-2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 23 Jun 2023 21:23:35 GMT
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucMVAbCoR8R2U3MtD7olcCU%2F71hOhWJOK82UZgwKegZkxwF5iCyr2xhjUJvYaQf4pU4cd3%2BbZwlqTitKSpVaHjXtv0IqZ%2F6hb5YqYeEi5v0IayPw5p9SsQ4a%2F2iakQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e45399fb517-OSL

game-2u.com/wp-content/uploads/2023/11/Baldurs-Gate-3-v4113882084-P2P-PC.png

172.67.185.244

168 kB

URL
game-2u.com/wp-content/uploads/2023/11/Baldurs-Gate-3-v4113882084-P2P-PC.png
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 241 x 339, 8-bit/color RGBA, non-interlaced\012- data
Size
168 kB (168072 bytes)
Hash
15c6211d88f50028b1f39cbcea6b6c06
752b14686947f65b90e5f546e58052c00a84b2f2
78ee319eddb9b1df9e38c0214f16065649b0305bb3b012677e861d075e7f94d6

HTTP Headers

GET /wp-content/uploads/2023/11/Baldurs-Gate-3-v4113882084-P2P-PC.png HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/png
content-length: 168072
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 03 Nov 2023 00:46:05 GMT
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqnrpkjldXbSEACi4HzdSFeahXpyfmK9cAwRHIM46bZlpdVr2NOtPzOSM1FedSuZ%2Fu6SWrHLi7qOsvKqdLBA3wkkUAeVKLgE0D61dar8HYA42JXHWwGxsnV4BxVQqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e45399bb517-OSL

game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.jpg

172.67.185.244

22 kB

URL
game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x96, components 3\012- data
Size
22 kB (21510 bytes)
Hash
50a6ccb47e60769abd113604a36a8782
841d8534f4c26c18b6e82e248dee42325533024e
11ec5a03426f3043a9027fced80b462983b1c1883e696b68c2f1df864bb1d9a3

HTTP Headers

GET /wp-content/uploads/2019/07/cropped-game2u-1.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 21510
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 15 Nov 2022 18:35:21 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mh3Nw76IrmPnGbaQhP7GmMcvUfPmoa9t%2Fb%2Bi3Z%2B%2BnXd%2ByGIub%2BzizVXjmSlwdOlCx5HSdUzoW%2B3pQfxowoP3h4rAg%2F8%2FP%2Fy4SY56XSOeorbJxjohv%2FkyPTFDzIpJKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4cfd0fb517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2019/10/a.jpg

172.67.185.244

1.4 kB

URL
game-2u.com/wp-content/uploads/2019/10/a.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 192x246, components 3\012- data
Size
1.4 kB (1395 bytes)
Hash
3ac5ad5b1d487d72e99652fb93544499
667e333e41654392ba20a19101abc2111f25dd38
5abdd1ad282db0b26db73bde8ce1375ca60bc4dbaa3bff8c070d76afd1430c7b

HTTP Headers

GET /wp-content/uploads/2019/10/a.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 1395
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 15 Nov 2022 18:35:21 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6w12%2F6JvN5T2lt00U4hg6gzWPulGUtxiCtKt4pmHvhVdXZ2pk5RvrwdZu%2FpMXpYrg67pWCsD2jCPafQ%2FvDqy9%2FfBQ8MGJke5n99yghmEAx9%2FliyccCpFrNBdn%2F6IA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4c7c8bb517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/themes/poster/foundation/js/foundation.core.js

172.67.185.244

4.8 kB

URL
game-2u.com/wp-content/themes/poster/foundation/js/foundation.core.js
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.8 kB (4765 bytes)
Hash
0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2

HTTP Headers

GET /wp-content/themes/poster/foundation/js/foundation.core.js HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 22 Feb 2023 09:26:36 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ILRh87rMFotfyNHlzPKeBaAKW7ZZo0h7hhpKzZoCvMMTuqUtwI3oLSyrMzerBL29ekIcDsN4Ub9rCJLFQznwnHgC3mtTimeH3FtN3yLfND7Qvd1%2FVKT8cZ1hj0sacA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e4549cbb517-OSL
content-encoding: br

game-2u.com/wp-content/themes/poster/js/loadscripts.js?ver=1.0

172.67.185.244

81 kB

URL
game-2u.com/wp-content/themes/poster/js/loadscripts.js?ver=1.0
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
81 kB (81296 bytes)
Hash
5c8deb69b2f7b5258a12a9a113b087b9
8c4d79d253217bc17d6fcd6808c9f255be596aaa
9778467bb8930869e7f29d83d8ec51a3b79bd1d7c44c0fc046b24686decdd803

HTTP Headers

GET /wp-content/themes/poster/js/loadscripts.js?ver=1.0 HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 22 Feb 2023 09:26:36 GMT
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qKKclg5%2FfrT7C2aFHBp43i9UmN2gFjbK3Rai1DSWcCY5eZm8KbPXEvqY4qVI7xnKCswIb83nBtLYYi1HP%2FOSgqTuGvsRLrzT%2B7%2B4jXV9F7%2Fob99qhlEl8%2B%2BP7Yi4Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4549cdb517-OSL
content-encoding: br

game-2u.com/wp-content/uploads/2023/12/Sephonie-v8645737-PC.jpg

172.67.185.244

23 kB

URL
game-2u.com/wp-content/uploads/2023/12/Sephonie-v8645737-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 71x71, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
23 kB (23112 bytes)
Hash
7571f28f1eceeb289f79526530544fd9
9b4922ddca309885f744cf2630945df2b30823a8
b0a8f4702795487789e639757138c2679d98d4f09a990197cb2bd36e628d672d

HTTP Headers

GET /wp-content/uploads/2023/12/Sephonie-v8645737-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 23112
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 14:08:31 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dUcsWEJJRAT4qLTMcNJdU58q2KBTX2l9vHnPyuEKQMYClIWtelb25kPmrJ9fFQCjEZeEo9H6JEv5VcKCieJU01l0RtbVL9ACmDPP20%2BhbtnyZ2cjjXLzlhRrwxErVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e66b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/cache/wpfc-minified/201kipw/g4fzp.js

172.67.185.244

80 kB

URL
game-2u.com/wp-content/cache/wpfc-minified/201kipw/g4fzp.js
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6061)
Size
80 kB (79790 bytes)
Hash
bdf14af9bf49d3a1bbfea11b459127da
2e1c77dbafaf09661bae87696b12ed41ac8574fd
f6b1ce0c1b93e5e78956f456ce60a313aba36fc3491639c2797d6dccad01585d

HTTP Headers

GET /wp-content/cache/wpfc-minified/201kipw/g4fzp.js HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 28 Sep 2023 10:01:45 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EORC%2B4yZaqvdHQ6m6U0KHkUmKPaIawJ%2Fm9A9gzLLWwZd%2BSm8%2Fgl7MzwdhcakcT%2BpqvNWD3gCtR9iiUB8clqW%2Fz5KVXFVeTBCWZM5OnOWhujS1pRjoYh1bqAzFt1UjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e452971b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

90 kB

URL
c0.wp.com/c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (13479)
Size
90 kB (90357 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /c/6.4.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Mon, 02 Dec 2024 14:17:01 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.a-ads.com/a-ads-banners/217382/728x90?region=eu-central-1

78.46.33.196

709 kB

URL
static.a-ads.com/a-ads-banners/217382/728x90?region=eu-central-1
IP
78.46.33.196:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 728 x 90\012- data
Size
709 kB (708571 bytes)
Hash
c6395473fd63604afe5354149bef9bc0
21613e909cd38229abc80cf6928c8644a17e59c5
808adc74c8c2c7a45e2e6d5eed2e427723a4890732168915a15d37ac81bcb9a1

HTTP Headers

GET /a-ads-banners/217382/728x90?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/gif
content-length: 708571
x-amz-id-2: TJZH8FPEdYInxjqDQeWaReBi9g/PoGWTia345aS4D7ZWaQToTklU5nl+FtBmRkf7AmTp7gWR6KE=
x-amz-request-id: AX5AXXG04NZ69VSY
x-amz-replication-status: COMPLETED
last-modified: Sun, 11 Jul 2021 13:31:19 GMT
etag: "c6395473fd63604afe5354149bef9bc0"
cache-control: max-age=315360000
x-amz-version-id: MdSXS0TBBSMSIX2gIg1WADzWVBc7YcGN
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

game-2u.com/wp-content/uploads/2023/10/Alan-Wake-2-RUNE-PC.jpg

172.67.185.244

15 kB

URL
game-2u.com/wp-content/uploads/2023/10/Alan-Wake-2-RUNE-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
15 kB (15317 bytes)
Hash
586d7f362976eab4f5d7133e01b1c114
901fb66527789b2dc90ca9f017be00a5370410c6
70892d980d1a936aaeb332b51a19eaaad6e8e724506a10a104e70730963e6067

HTTP Headers

GET /wp-content/uploads/2023/10/Alan-Wake-2-RUNE-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 15317
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 27 Oct 2023 07:58:01 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5CP6LiGdqLWs7bNEq8Fz58ubhrkSXJaj9yKrite8%2F3b0dj%2FFYux93VHWTowvgQ1SeCJLjQtGn323fjwsK3yXR0InoCe%2BZu8BHfcoOeC0KCwPd1ngPPfo5s84XyPIyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e55b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/themes/poster/js/skip-link-focus-fix.js?ver=20130115

172.67.185.244

22 kB

URL
game-2u.com/wp-content/themes/poster/js/skip-link-focus-fix.js?ver=20130115
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
22 kB (22266 bytes)
Hash
88744222f59f4700c6bc9212e12a653c
df0bf43d60bed605eabbcb2776e0fbb46f1d1c05
4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073

HTTP Headers

GET /wp-content/themes/poster/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 22 Feb 2023 09:26:36 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPt2iOv%2FvaKytXH%2BdfVVS3GEw4E2CgXoAxLERoT7dFUToXn8dfvCn2Keu3DsniUIIepLy33udu0%2F0SJYYpz3fmYvrY1RKcEtCJJGboblhn4RA94%2F6FZKUmzV6zIWhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e4549cab517-OSL
content-encoding: br

game-2u.com/wp-content/uploads/2023/03/Resident-Evil-4-FULL-UNLOCKED-PC.jpg

172.67.185.244

12 kB

URL
game-2u.com/wp-content/uploads/2023/03/Resident-Evil-4-FULL-UNLOCKED-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
12 kB (11776 bytes)
Hash
3a32866555ecb7d7dc3756ae216ce20d
b524ee19c4e421d8fb1f4b51217830208be0f5fb
db97e5fa2659570d46ff096d756760146ff91603f8f217b28764b5c2f709c50c

HTTP Headers

GET /wp-content/uploads/2023/03/Resident-Evil-4-FULL-UNLOCKED-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 11776
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 24 Mar 2023 12:49:04 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sve7rbxXBij1Y6CvpJTMW%2F%2BGCtGwtiGCCc6Pv%2FiPIyGUzPbj0RRNr4SzJfEAeZxbz0LDoFxvk2KgPFztEjDdk7BOU76%2Fq2vuG6EMRvWP4Dg3rT1NKc74kVMb0MkBpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e63b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/themes/poster/foundation/js/foundation.min.js

172.67.185.244

38 kB

URL
game-2u.com/wp-content/themes/poster/foundation/js/foundation.min.js
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32072)
Size
38 kB (37648 bytes)
Hash
9f0af735cc1c2011ddd8e8a94273129a
4fced5505d621687f784e705ce3da6dd02312773
e8fa3bdea50e7c47ebbcab43cbcf073745f1eb08f1dd996781c7098ec215a488

HTTP Headers

GET /wp-content/themes/poster/foundation/js/foundation.min.js HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 22 Feb 2023 09:26:36 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1V%2BDwi3z4CgVD7BMdXvvg7JGms0cD80RL2ycRCGhee0%2F14Ky7xDKEDY8W6gLTMH3GrDvfTDZRrkYkcUsgR0GWsfcP0j9RsMRU%2BAkBgVh7%2F3bIdrxMDxNqm8mcpWUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e4549ccb517-OSL
content-encoding: br

game-2u.com/wp-content/uploads/2023/02/Hogwarts-Legacy-pc-free-download.jpg

172.67.185.244

17 kB

URL
game-2u.com/wp-content/uploads/2023/02/Hogwarts-Legacy-pc-free-download.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
17 kB (17406 bytes)
Hash
4b25b6fcc7c9ff0f678c8f54dadb7824
7ea43fbc898504c403dadaacb54ee97d334c2f24
880694ba8c1fe39fcb22ff2119e54c4dd30b2a2a8908460196e7e02afc03ee4e

HTTP Headers

GET /wp-content/uploads/2023/02/Hogwarts-Legacy-pc-free-download.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 17406
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 23 Feb 2023 09:17:09 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NkXHR37M%2BVwcbLEzk%2FqBzFO9MtH1%2BoXL2pUBTZ6qj%2B5o8bg0%2FF3MDfyQCG%2B55zgHCFY1K52Ep6g12fHMomoWfHvyhz917XZU%2F2AA6NXpYtq1ZaxvNQhG7FF75HCXjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e5eb517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/12/Speed-Mazing-Build-10964773-PC.jpg

172.67.185.244

17 kB

URL
game-2u.com/wp-content/uploads/2023/12/Speed-Mazing-Build-10964773-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
17 kB (17290 bytes)
Hash
3730219dbd95f79413a495a307fd4278
476cb31327ec82c23a2919cbbd8c56002ac7f450
c3f6c451832ce94229df5b982a9ab8b18bc0788915b2b13856035b35b0a8f5e3

HTTP Headers

GET /wp-content/uploads/2023/12/Speed-Mazing-Build-10964773-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 17290
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 13:57:53 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sz1J2kHb%2B24VhwNnFTKju%2BVxkl57vlhZemoMMSDezWjjLdRNG0O7zNcV9KSes2spxhpoqN228rVHx%2B1hJzNeK0bx%2FP%2BdL5AcZmqww6JMDpwp6TRuYpPMcw%2Fu9%2BOBWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e69b517-OSL
alt-svc: h3=":443"; ma=86400

stats.wp.com/e-202348.js

192.0.76.3

17 kB

URL
stats.wp.com/e-202348.js
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (6931), with no line terminators
Size
17 kB (17347 bytes)
Hash
2567b82fc5b4900c78be291e6a957e99
114ec9e929313111ec06f33e342205c52cce5b11
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

HTTP Headers

GET /e-202348.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/13576-1684464982353.1523
content-encoding: br
expires: Mon, 25 Nov 2024 16:24:36 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

game-2u.com/wp-content/uploads/2023/11/Ratopia-Early-Access-PC.jpg

172.67.185.244

21 kB

URL
game-2u.com/wp-content/uploads/2023/11/Ratopia-Early-Access-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
21 kB (21174 bytes)
Hash
680389f196e4f1cdeefe42930b4b0d6b
13d0729ec00b7e0391a63b4ae02e947c4ef6221c
a07caa3d60902d02d51490829b0a312c11be67f027f01504a5970d56ed38ff42

HTTP Headers

GET /wp-content/uploads/2023/11/Ratopia-Early-Access-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: image/jpeg
content-length: 21174
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 07 Nov 2023 12:40:30 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhBcpcm5gQPhGsHrDy7OPBXNJ9XqOJewrVSwjRYwUto%2FM6YKha2da3HhSub92ggyxiUMLzZ2HQaWfoIvg3F1oZwaSuhxMFLSts2hAVXWX5wQtCCvuBaktulZ3Sq%2FPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e4d9e65b517-OSL
alt-svc: h3=":443"; ma=86400

definedbootnervous.com/b820496cbe0f52245b6894ae62c63be0/invoke.js

192.243.59.20

11 kB

URL
definedbootnervous.com/b820496cbe0f52245b6894ae62c63be0/invoke.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (29611), with no line terminators
Size
11 kB (10926 bytes)
Hash
dceb4f68d38118b10f28c2d4107d56f1
1bff39deb5cf086a5d1fe87ff02a057d79ded671
a37b29a7e21cbd39ef84338a9a0b6580b124cad2e74efad7412908c7b262b96e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b820496cbe0f52245b6894ae62c63be0/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a94a30db9af2be06815a1e4bbe0e5641
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

definedbootnervous.com/ee9bf356d601332a3ace39ce6d63a346/invoke.js

192.243.59.20

11 kB

URL
definedbootnervous.com/ee9bf356d601332a3ace39ce6d63a346/invoke.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (29655), with no line terminators
Size
11 kB (10965 bytes)
Hash
0d438f6826b8b3f59cfad2b0604bf264
44ee86db019bfe37e95307ace050cef2d3ca1005
4b9c7fcc292716496f2904c03d190aff8ea086ca721081877ce18edef5a7ede1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ee9bf356d601332a3ace39ce6d63a346/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eddaf5cc7575a1ed17a07e35dca5f705
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

192.0.77.37

2.8 kB

URL
c0.wp.com/c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (8171), with no line terminators
Size
2.8 kB (2792 bytes)
Hash
dda652db133fddb9b80a05c6d1b5c540
60c8514c57a5db2980c4b046b0dd479bd427357b
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

HTTP Headers

GET /c/6.4.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Mon, 02 Dec 2024 14:17:01 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ec15f6c71aff225bd9dd9ba382097914
d7f3909225850187f37a50f18ad22f60446da233
1c119a04e61237d689ef4b660d96d439e09821a828623e2089011ea432319bd2

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://game-2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5027b68b-e832-4e66-8c79-d77d1c5d95c2:3:1; expires=Wed, 30 Nov 2033 14:17:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
68decb365c588b0f4fe2ade7bf5e80da
aa411e05b8f278f84fbfc0bc2dbb72d26bc29ec8
a47bb006c7a4a9c1773e465ceebc5f6399fc91c8416c10c0eed65000370ace88

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://game-2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=84fdd3c7-0f8b-4c10-9870-24cc48cbc07e:3:1; expires=Wed, 30 Nov 2033 14:17:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

static.a-ads.com/a-ads-banners/452149/336x280?region=eu-central-1

78.46.33.196

43 kB

URL
static.a-ads.com/a-ads-banners/452149/336x280?region=eu-central-1
IP
78.46.33.196:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 336 x 280\012- data
Size
43 kB (42935 bytes)
Hash
99440f993c4ceeb10c30be303503be7d
c0d2dbad7179c0fa4b704ab05da2f15e69ddf2e0
2a8941c29a2adb48173120c82bc82873aab5931333e968e3d73ff6b9beb0b049

HTTP Headers

GET /a-ads-banners/452149/336x280?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/gif
content-length: 42935
x-amz-id-2: oUJlivQNMn70jCvCP0DYzCFwblFKD0ILhpImwgydyEGOQcx/nEtC7ALwQex3iniXl4X7BhEKlvc=
x-amz-request-id: 63BZPTPZ5SEJBG36
x-amz-replication-status: COMPLETED
last-modified: Sat, 29 Apr 2023 12:10:47 GMT
etag: "99440f993c4ceeb10c30be303503be7d"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: czSaYk7ghyudhydZ_WNcAY6e6mNV77nm
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.042381271425321

192.0.76.3

50 B

URL
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.042381271425321
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.042381271425321 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?v=ext&blog=106163218&post=0&tz=0&srv=game-2u.com&j=1%3A12.8.1&host=game-2u.com&ref=&rand=0.7048642215425673

192.0.76.3

50 B

URL
pixel.wp.com/g.gif?v=ext&blog=106163218&post=0&tz=0&srv=game-2u.com&j=1%3A12.8.1&host=game-2u.com&ref=&rand=0.7048642215425673
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?v=ext&blog=106163218&post=0&tz=0&srv=game-2u.com&j=1%3A12.8.1&host=game-2u.com&ref=&rand=0.7048642215425673 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1

142.250.74.106

8.4 kB

URL
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
8.4 kB (8429 bytes)
Hash
a1623c517de76df26103b000f15c3369
0b112ebb800e3593c2c08358c3b840178e57e0e5
5d607eff4f10fc2af80925b5659b7276ed1db25e51e0f869495b45b4d9dcd870

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.4.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 14:17:01 GMT
date: Sun, 03 Dec 2023 14:17:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

game-2u.com/wp-content/cache/wpfc-minified/lmnzjxmp/g4fzp.css

172.67.185.244

28 kB

URL
game-2u.com/wp-content/cache/wpfc-minified/lmnzjxmp/g4fzp.css
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (34399)
Size
28 kB (28092 bytes)
Hash
2e7d248ba3b7973b3a7a84f0c80200e7
ce574c62d72c288f984993b525b4e8f2b481bf43
5c4272a8de828e801ab199d3eb06c1a47ac04b3f0b414a8957455a50d5f4d0bf

HTTP Headers

GET /wp-content/cache/wpfc-minified/lmnzjxmp/g4fzp.css HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 28 Sep 2023 10:01:45 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNBOim5A7VHddUHDzaR3%2BoduGPQHhN7AHYQBziVQ%2FOvyUMjg6KUS%2BrxCimZeh5taD4U0bJsbwGQVAgNmQsXBM%2Fo9DLf%2BQmWs%2Fw8cRbluoAOoDV8q9cAezispqWFxsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e44f936b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?resize=200%2C200&ssl=1

192.0.77.2

10 kB

URL
i0.wp.com/images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10116 bytes)
Hash
73e650cf63518c05309f52b6bcde6653
44e3219a21f7147efa96c56943020138367d09a6
be203229536dca41d0e3350f90c17c605d43361a675da51e25e9d42c18f502fb

HTTP Headers

GET /images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 10116
last-modified: Mon, 02 Oct 2023 13:27:10 GMT
expires: Thu, 02 Oct 2025 01:27:10 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1696250976/cac8d0a1/39022607.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "88e41d9dc3fdbfd5"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.png?fit=200%2C200&ssl=1&resize=200%2C200

192.0.77.2

7.9 kB

URL
i0.wp.com/game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.png?fit=200%2C200&ssl=1&resize=200%2C200
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.9 kB (7878 bytes)
Hash
8b57194b60bc7e7c2dee3ddcf70e1a5f
69033cc1d18510d4381927d339601be9f636851d
e8a7f600c90d2398f1f307db90650a1073dcc4bfd1259091a772caf0cec9af47

HTTP Headers

GET /game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.png?fit=200%2C200&ssl=1&resize=200%2C200 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 7878
last-modified: Sun, 08 Oct 2023 00:38:39 GMT
expires: Tue, 07 Oct 2025 12:38:39 GMT
cache-control: public, max-age=63115200
link: <https://game-2u.com/wp-content/uploads/2019/07/cropped-game2u-1.png>; rel="canonical"
x-content-type-options: nosniff
etag: "4904028594659e2a"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.207.226

53 kB

URL
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3968)
Size
53 kB (52576 bytes)
Hash
8fc6d76c3e74daffc4563e973352874a
6226089344b07aca07da44c4e95c078a8665760f
148fa9da8af790b5b4321329a105bbbea91abb215a40a2495f7e9f204532dd6d

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 03 Dec 2023 14:17:03 GMT
expires: Sun, 03 Dec 2023 14:17:03 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8331930164927003108
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52576
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg?resize=200%2C200&ssl=1

192.0.77.2

10 kB

URL
i0.wp.com/images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10398 bytes)
Hash
928a3ca8ed5d134ded95922da81863f7
6477f6c361cf3ac1144902ed1dd6c644bdf303f2
3377b98aa6155af7043bfc6d8a637f0e89739dc8c408a7024b45007ad9ef45e0

HTTP Headers

GET /images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 10398
last-modified: Wed, 09 Nov 2022 22:25:03 GMT
expires: Sat, 09 Nov 2024 10:25:03 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1668003490/1ef4e00b/38638574.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "224fc76a1dc8a173"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1594378632/4b3afb3c/31039142.jpg?resize=200%2C200&ssl=1

192.0.77.2

14 kB

URL
i0.wp.com/images.vfl.ru/ii/1594378632/4b3afb3c/31039142.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (14422 bytes)
Hash
5d8b8305dd2af2dfeac5aae24847b183
05925f945432cf544a68f8258d1fa86383e05e72
be6a8f7f049210941a910834bef26acb4ddfdba7e93a906f43c1ba953789e395

HTTP Headers

GET /images.vfl.ru/ii/1594378632/4b3afb3c/31039142.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 14422
last-modified: Fri, 30 Dec 2022 14:03:56 GMT
expires: Mon, 30 Dec 2024 02:03:56 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1594378632/4b3afb3c/31039142.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ef5b1568fa0372dd"
vary: Accept
x-nc: HIT arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg?resize=200%2C200&ssl=1

192.0.77.2

7.4 kB

URL
i0.wp.com/images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.4 kB (7436 bytes)
Hash
26af078060d78dbccc2a597bd8476395
d479ac2a8bfd50ca3b82357f062a7c3e6adc5d6f
e62e1d0bc1fefbe93df27ce00c0bb638c7692d18415965959659accb04e2c62a

HTTP Headers

GET /images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 7436
last-modified: Thu, 08 Dec 2022 23:03:12 GMT
expires: Sun, 08 Dec 2024 11:03:12 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1670535497/93cfc2bd/38665474.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "923ac38425938c16"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

dragnag.com/2e/59/01/2e59010ee40bb5ee297c2a0ecedaa23b.js

173.233.137.60

23 kB

URL
dragnag.com/2e/59/01/2e59010ee40bb5ee297c2a0ecedaa23b.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with very long lines (59708), with no line terminators
Size
23 kB (23343 bytes)
Hash
936d223e6222264009b3393ecc7c20bd
f2701a96fc9c2fefe052c75eebfac57c979262d1
4fc31f49d9bf9a702fb7cab0499008d1e62192bbc9cb042ccf2d15513bcc152e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2e/59/01/2e59010ee40bb5ee297c2a0ecedaa23b.js HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d612855468f68bfca3073027973edbf5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f

172.67.185.244

29 kB

URL
game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65453)
Size
29 kB (29227 bytes)
Hash
3c7e73dd02f57abb6fec8fadea6e35b0
dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8
d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 18 Nov 2023 23:10:10 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b8J9814LdBdXpyZXatgOIw%2FknjMIfKqFcZWUeqnjdnshZsqybEuzeY0RHrvc%2Fc2BM4wT1uNhfznu%2BL%2Bg4xo2DCAlEZTFoa49HxqXPE7Ew5dU8pDZzZUBXKjKak%2Bd0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e55d949b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i0.wp.com/images.vfl.ru/ii/1659861766/f24f649e/38521057.jpg?resize=200%2C200&ssl=1

192.0.77.2

4.5 kB

URL
i0.wp.com/images.vfl.ru/ii/1659861766/f24f649e/38521057.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.5 kB (4544 bytes)
Hash
ccf56c7235436ec1783acfaa0efeed4c
55698c449b1607e23761363a0172a0290e313cd1
becf8b14348bb911289350d3797a2287adaeccf5866d9df5ef060b869e87b611

HTTP Headers

GET /images.vfl.ru/ii/1659861766/f24f649e/38521057.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 4544
last-modified: Tue, 21 Nov 2023 00:47:24 GMT
expires: Thu, 20 Nov 2025 12:47:24 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1659861766/f24f649e/38521057.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "3ef9c33af80f5a9b"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1608505944/44d0dd7c/32725170.jpg?resize=200%2C200&ssl=1

192.0.77.2

7.6 kB

URL
i0.wp.com/images.vfl.ru/ii/1608505944/44d0dd7c/32725170.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.6 kB (7628 bytes)
Hash
4f8747db8344b5ca31431f9b955dc00d
03f79cf321883cd7a31314878ef9d76fc2497bcf
c77d15e8ed9abd60b22d635c4631a6f76f360202d30c699efd3234631fa295f0

HTTP Headers

GET /images.vfl.ru/ii/1608505944/44d0dd7c/32725170.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 7628
last-modified: Sat, 04 Nov 2023 00:02:46 GMT
expires: Mon, 03 Nov 2025 12:02:46 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1608505944/44d0dd7c/32725170.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "4ff2d61daf8bc375"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1608372669/8c1f1347/32708334.jpg?resize=200%2C200&ssl=1

192.0.77.2

8.3 kB

URL
i0.wp.com/images.vfl.ru/ii/1608372669/8c1f1347/32708334.jpg?resize=200%2C200&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.3 kB (8266 bytes)
Hash
cf79e8ee382e22b0baea5cc27dfbea32
2b14e92b53af28d2d646c7ee632f7b24bb8023ff
c9237f7068685e9d61f5f39dc9db1fa9e113ccdbc962ad642f78fcde83e53cee

HTTP Headers

GET /images.vfl.ru/ii/1608372669/8c1f1347/32708334.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 8266
last-modified: Sat, 02 Dec 2023 08:31:51 GMT
expires: Mon, 01 Dec 2025 20:31:51 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1608372669/8c1f1347/32708334.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "933c2c94ec913fae"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

7.7 kB

URL
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

woafoame.net/tag.min.js

139.45.197.239

26 kB

URL
woafoame.net/tag.min.js
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25611 bytes)
Hash
fb7eb4b07c3e717cad649d3afa99ca57
ba3a9cdd70a5f99c0ed8a032d79a08a6edb673d2
e6aa84f006f03b6a1cf7f3a082a3d7470943d3f29253cc4b0d1ee0f3e2cc76ee

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: text/javascript; charset=utf-8
content-length: 25611
content-encoding: br
x-trace-id: a1444dc2902072a72f189136a9eb799d
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 02 Dec 2023 17:34:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

game-2u.com/wp-content/uploads/2023/09/Wallpaper-Engine-v232-PC.jpg

172.67.185.244

18 kB

URL
game-2u.com/wp-content/uploads/2023/09/Wallpaper-Engine-v232-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 241x339, components 3\012- data
Size
18 kB (18211 bytes)
Hash
97b578be05efd8b41a61403a864f0a17
12575563b336beaabefd36b226c8e0c46370b6f5
d20b7b8a5ea2def92c0edafdccb44f3f84f86795c28284a0aa9548bd11929c27

HTTP Headers

GET /wp-content/uploads/2023/09/Wallpaper-Engine-v232-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: image/jpeg
content-length: 18211
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 26 Sep 2023 14:21:18 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoH4uR%2BGxEOMoYNoghwjTyAcWLUlff0IdpyMrtFS1U5%2BSLMoXyg7AUsgUJfeYrr9dp7DczpPGPepH677mqduaHIjcZkNYc8oAw7Yru3yubnURM59Z7p35%2FpS4cGgBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a65b517-OSL
alt-svc: h3=":443"; ma=86400

woafoame.net/5/2094770/?oo=1&aab=1

139.45.197.239

1.4 kB

URL
woafoame.net/5/2094770/?oo=1&aab=1
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.4 kB (1391 bytes)
Hash
d72206975f2761a343fad384a8c0812e
d409046a67dc80f805e4414c3577cd1cddecfb4a
7fd9c77833deadac0ad7b82e737f2e0e6cb75028a64680b9aaaec6de39a52622

HTTP Headers

GET /5/2094770/?oo=1&aab=1 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:03 GMT
content-type: application/json
x-trace-id: ede369cc9f0ad5aa198e492808317a33
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://game-2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=8c5e137dec664538a9b1cdbe9b83b142; expires=Mon, 02 Dec 2024 14:17:03 GMT; path=/; secure; SameSite=None
oaidts=1701613023; expires=Mon, 02 Dec 2024 14:17:03 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1

192.0.77.2

7.7 kB

URL
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

vintageperk.com/92/6c/ef/926cef8b47c32f14e00f9a46d8cb5cdf.js

192.243.61.227

23 kB

URL
vintageperk.com/92/6c/ef/926cef8b47c32f14e00f9a46d8cb5cdf.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (59733), with no line terminators
Size
23 kB (23358 bytes)
Hash
23321ab4ae57f81337f0306a0c62fae4
98e045e10b4ad77e39caeb0ad53348ead39a6a23
4370f9fcaa0ed345b1421400cb77b95dc17fcce42f9b34ff086ddcc34b24128a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /92/6c/ef/926cef8b47c32f14e00f9a46d8cb5cdf.js HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96dbf13e03c1c2cb34e5a8be2df9cde3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
68decb365c588b0f4fe2ade7bf5e80da
aa411e05b8f278f84fbfc0bc2dbb72d26bc29ec8
a47bb006c7a4a9c1773e465ceebc5f6399fc91c8416c10c0eed65000370ace88

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: uid_id2=84fdd3c7-0f8b-4c10-9870-24cc48cbc07e:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://game-2u.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

game-2u.com/wp-content/uploads/2023/12/Vision-Soft-Reset-Build-10278187-PC.jpg

172.67.185.244

17 kB

URL
game-2u.com/wp-content/uploads/2023/12/Vision-Soft-Reset-Build-10278187-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
17 kB (17142 bytes)
Hash
a4027d060b7852a3dfddcf832d755298
7033b8cf5aac0b0b9cfa0ab26e792733dba6ec42
42eab60c29a00486b1688dc85ceecce036a78d5d4f5aa345ab4067d51a2539f5

HTTP Headers

GET /wp-content/uploads/2023/12/Vision-Soft-Reset-Build-10278187-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 17142
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 13:27:46 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omITnVC7gB944zzGRoRnjxG%2B%2FbUboEMoHHPjRweUikB3AaUbOHVHqB3NwCdEfZhaCeIVvojoXWQRZrfAPl1nyjtK41DydCZN7zKXMJzBXOUOUqSnY9Fz8H3HQfYDhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a64b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/11/STAR-FLEET-II-Krellan-Commander-Version-20-GOG-PC.jpg

172.67.185.244

34 kB

URL
game-2u.com/wp-content/uploads/2023/11/STAR-FLEET-II-Krellan-Commander-Version-20-GOG-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
34 kB (34271 bytes)
Hash
94a40f3230579ba2c55a0b2f9cbce9b2
43610e1cdbf5f022d9c18534d47cbb0f5dabab1a
dee62df7f8bb25b58bfb46ae7ad152966687a58c9e2c34b36e1e8042ededf83e

HTTP Headers

GET /wp-content/uploads/2023/11/STAR-FLEET-II-Krellan-Commander-Version-20-GOG-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 34271
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 21 Nov 2023 04:05:53 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oa7OnW1NS1z0Ov6MwnksZoSS64qYicfH4nL%2B1Tg2z8UtlBo2v9i7Knfi5HfFK7HzJ4OYMUT1rpyaeXJQTEfKvp%2FzPQUxHEZz4%2FTfsX3BV1L%2Bb5fXBaTPg1Cz0yUR8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a60b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/05/Terraforming-Mars-v20000312730-PC.jpg

172.67.185.244

15 kB

URL
game-2u.com/wp-content/uploads/2023/05/Terraforming-Mars-v20000312730-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 241x339, components 3\012- data
Size
15 kB (15024 bytes)
Hash
ca0973cd043b62a97ea71490c1ee8a4e
783920018bfc30f0d12087258bd30ddf508faa62
fede149ae24bd5967e48f75d89495f1f469adeb5c11d410f5f8be0ffc64d9e7a

HTTP Headers

GET /wp-content/uploads/2023/05/Terraforming-Mars-v20000312730-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 15024
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Mon, 08 May 2023 07:57:41 GMT
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FxRjWjaq2WcdhtXRx0O5Z5DFOWeZVj4jRLJhPRPZVGp4DGjpr9aJ66Yg2Hwz0YuzMimPyC%2BgDJxCRLje3AGgq9i7xyIOxoJRwcBAlR3dMFtrFUvYQlpLAPaSs4kt5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a63b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/12/Adore-Build-12632545-PC.jpg

172.67.185.244

19 kB

URL
game-2u.com/wp-content/uploads/2023/12/Adore-Build-12632545-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
19 kB (18906 bytes)
Hash
1ceb0ee9fd73650feb57e69d21d7eb9e
cf0efc7c59d053b5be7adaa0ac6b3cb9a5a0cd98
35b803693cc9d5e4171daee3d71729439bf9331fd5abe20c12918b72a2d5c5d8

HTTP Headers

GET /wp-content/uploads/2023/12/Adore-Build-12632545-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 18906
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 13:18:46 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5A0Lliq1cUncFsu%2B4gAbCqQJXuX83XLNkdEgThcLgNXP6iU%2BePGzamWNFyc0NTLgRPMi%2FeHRMkE%2BQO4QBjH%2FTW6VbWMRdzQE6QwUARzx63OnCe1DGf0AEioCU7Smw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a67b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/12/Tales-of-the-Tiny-Planet-v1211-PC.jpg

172.67.185.244

11 kB

URL
game-2u.com/wp-content/uploads/2023/12/Tales-of-the-Tiny-Planet-v1211-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
11 kB (11053 bytes)
Hash
2d8a0297ebec7552fe7eadc039d2272c
79ad05c055b277188cacb82239178a559253bdcc
4f0fb2e1b3b8ae32a0f66eb0b7fb63f86931fc45d11ded135d73a379b9aba70b

HTTP Headers

GET /wp-content/uploads/2023/12/Tales-of-the-Tiny-Planet-v1211-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 11053
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 13:42:47 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCgrh%2BivCfvVeaGl9EWInE1C11lYJit00jLASLt8Z9xJT2nn60%2F%2BWBS3K7Rhrki5C62OHsMDsdjyIXXqi19RyIQY%2F0CQS44U%2B6hSqOor0aPBOIs%2BnPIeMX8%2FEonqNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a61b517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/uploads/2023/12/Star-Explorers-v544-PC.jpg

172.67.185.244

13 kB

URL
game-2u.com/wp-content/uploads/2023/12/Star-Explorers-v544-PC.jpg
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 241x339, components 3\012- data
Size
13 kB (12714 bytes)
Hash
d6f7d6c8dec9d56aab25de186410e135
ada7521e117141ad766bc4f415de9daea60524b5
bfc815abaf4b782481ecbb40f7e8b4ae096528025acf76dfe506292427a4dfd9

HTTP Headers

GET /wp-content/uploads/2023/12/Star-Explorers-v544-PC.jpg HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: image/jpeg
content-length: 12714
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Dec 2023 13:53:12 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPcQFTAdsyD%2FttEQrwJh5k4DVhl0H3x1GGKkLw34vuQtz8ssMd6CCNoQj6GnGPjOgSZaTm8YcOsdSSmE0zW3%2BKI5rS0mX2%2B%2FCw5jvtmDpe8ROSzS2SrNnBVlmkBRyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e569a5eb517-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.2

172.67.185.244

2.8 kB

URL
game-2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.2
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.8 kB (2799 bytes)
Hash
e65cb4d4cd399c1b09798edfcea1b41e
49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2
d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.5.2 HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:02 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Wed, 22 Nov 2023 17:26:07 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rVlZ4Owh039WGx4M7m3tezOzwsfMAvey30wGxngC%2BDlRBuDQz1hyg6Sry88mFI7C6y%2Fc%2FrhbXPnYvRgejshDTjuIwbkIl9SgwY9df9Xz70hti10CLB23Nqvc9Jh5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e4559d4b517-OSL
content-encoding: br

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

12 B

URL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1350
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 03 Dec 2023 14:17:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://game-2u.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

173.233.137.60

0 B

URL
dragnag.com/watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid= HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:04 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://game-2u.com
Access-Control-Allow-Origin: https://game-2u.com
Access-Control-Allow-Credentials: true
Location: https://dragnag.com/watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3c9c09915007b5acaddb117b3f1754e26e0a04043974ece634990eee271aa43e4ab9cd00ccf1529b11b66fbc6be5069ad0c9f6e4a9d200b2e45953c6cb5727407cf725cb3ca5deb77e165d6d2ca9ff74ec23644574e09844f70928e701d2798e617591&pst=1701613084&rmtc=t
Set-Cookie: u_pl=15236932; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTIzNjkzMiwiayI6ImI4MjA0OTZjYmUwZjUyMjQ1YjY4OTRhZTYyYzYzYmUwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMjY0MzE4LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoidWM4ajV0eGhnZiIsImNwa3MiOnsiMjgiOiIyZTU5MDEwZWU0MGJiNWVlMjk3YzJhMGVjZWRhYTIzYiJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9nYW1lLTJ1LmNvbS8iLCJhciI6W119fQ.34ImBedUC6YOYtVCEOUdNi8IerJzaIdVH4Uxcm5arv0; expires=Sun, 03 Dec 2023 14:18:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 80250f5bca00859d3ed90fff0a983884
Strict-Transport-Security: max-age=0; includeSubdomains

game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2

172.67.185.244

20 kB

URL
game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (20675)
Size
20 kB (20122 bytes)
Hash
1aba8ea723a3b9618d79218b01622b44
0d9e2811eb76d972b652de18e8851f7ff34e9f66
45062469ef9b55e5215bb8798afffdcb6e8fd5bef5524708dd5328ad5ecce11b

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd1953e27d96b3ba0ce2 HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 18 Nov 2023 23:10:10 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dx%2FgAfYAzYFqUmBzu1ZVkKOmse%2F1n2y%2FUgrBooHJCfvlfzIsx7ogMfJBOQj6q85fudCTRYm1FfcYxh16SpVM9lSA6b5RbRxB%2BkAULPJq2ZX0DW9vQ6Nsn8JlMkjDxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e55d952b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

friendshipmale.com/sfp.js

104.21.234.33

28 kB

URL
friendshipmale.com/sfp.js
IP
104.21.234.33:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27625 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 03a164a3236442287740c325ea79cb32
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 14:17:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k7oDzCPsQTu9yjbcWH0YhvYTe7qi%2BW%2F0njnyjCtantF2XyKJrhAbjT%2FbSKD1Z9QfRScOB3eRVJa9sesK49Q1dpQkPp5dud3PCjcsz8%2FXQNdCejhwO20zUjLSwfmCm69CgrrZtY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e58de6ac01c-WAW
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dragnag.com/watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3c9c09915007b5acaddb117b3f1754e26e0a04043974ece634990eee271aa43e4ab9cd00ccf1529b11b66fbc6be5069ad0c9f6e4a9d200b2e45953c6cb5727407cf725cb3ca5deb77e165d6d2ca9ff74ec23644574e09844f70928e701d2798e617591&pst=1701613084&rmtc=t

173.233.137.60

2.1 kB

URL
dragnag.com/watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3c9c09915007b5acaddb117b3f1754e26e0a04043974ece634990eee271aa43e4ab9cd00ccf1529b11b66fbc6be5069ad0c9f6e4a9d200b2e45953c6cb5727407cf725cb3ca5deb77e165d6d2ca9ff74ec23644574e09844f70928e701d2798e617591&pst=1701613084&rmtc=t
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (2528)
Size
2.1 kB (2053 bytes)
Hash
6c21423e3964f8c6a86c0ed1ccb83ad4
6201ed0d1aa3225afb10d74445ff8fae831db3d2
8f533676f5c5a393c25873100f9ff1d845753e613480c3d0e1ce9df63c083b9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.428282756678.js?key=b820496cbe0f52245b6894ae62c63be0&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3c9c09915007b5acaddb117b3f1754e26e0a04043974ece634990eee271aa43e4ab9cd00ccf1529b11b66fbc6be5069ad0c9f6e4a9d200b2e45953c6cb5727407cf725cb3ca5deb77e165d6d2ca9ff74ec23644574e09844f70928e701d2798e617591&pst=1701613084&rmtc=t HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
Referer: https://game-2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15236932; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTIzNjkzMiwiayI6ImI4MjA0OTZjYmUwZjUyMjQ1YjY4OTRhZTYyYzYzYmUwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMjY0MzE4LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoidWM4ajV0eGhnZiIsImNwa3MiOnsiMjgiOiIyZTU5MDEwZWU0MGJiNWVlMjk3YzJhMGVjZWRhYTIzYiJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9nYW1lLTJ1LmNvbS8iLCJhciI6W119fQ.34ImBedUC6YOYtVCEOUdNi8IerJzaIdVH4Uxcm5arv0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://game-2u.com
Access-Control-Allow-Origin: https://game-2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: pdhtkv=true; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1979a0ff0df2da8832b839ea2355d7b1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

2.4 kB

URL
c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (11256), with no line terminators
Size
2.4 kB (2395 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 14:17:01 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Mon, 02 Dec 2024 14:17:01 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

192.243.61.227

0 B

URL
vintageperk.com/watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid= HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:04 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://game-2u.com
Access-Control-Allow-Origin: https://game-2u.com
Access-Control-Allow-Credentials: true
Location: https://vintageperk.com/watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3289a601f665eb9c03e8ef99c7de52132edfbb763e2d73538e5c50a864fcf7862d64621ce491ab5e697d57a39d87b977e9c3fc40504d065e836ce8e0355a07cfe39b648ab7740b03c9aa67a20d1ba11e92c5a21a22d5f2e579bf4e762b454c&pst=1701613084&rmtc=t
Set-Cookie: u_pl=19052443; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA1MjQ0MywiayI6ImVlOWJmMzU2ZDYwMTMzMmEzYWNlMzljZTZkNjNhMzQ2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMjY0MzE4LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3NDdwZ2hkdSIsImNwa3MiOnsiMjgiOiI5MjZjZWY4YjQ3YzMyZjE0ZTAwZjlhNDZkOGNiNWNkZiIsIjI5IjoiMWMxODA2MTkxMjIxZWE5ODhmZjBhYjIxMjdmNmU1MDcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2FtZS0ydS5jb20vIiwiYXIiOltdfX0.CVql62UoJepe90f-TYQVIQ2wWP3dKANzlkayecv_0YE; expires=Sun, 03 Dec 2023 14:18:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 60ffda0f24f97354f8cbfd07bec89dc2
Strict-Transport-Security: max-age=0; includeSubdomains

gracesmallerland.com/pixel/purst?dl=0&th=0&sc=0&rs=3460&rd=3460&fd=575&bv=23.11.v.9&tmpl=70

192.243.59.12

0 B

URL
gracesmallerland.com/pixel/purst?dl=0&th=0&sc=0&rs=3460&rd=3460&fd=575&bv=23.11.v.9&tmpl=70
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3460&rd=3460&fd=575&bv=23.11.v.9&tmpl=70 HTTP/1.1
Host: gracesmallerland.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

vintageperk.com/watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3289a601f665eb9c03e8ef99c7de52132edfbb763e2d73538e5c50a864fcf7862d64621ce491ab5e697d57a39d87b977e9c3fc40504d065e836ce8e0355a07cfe39b648ab7740b03c9aa67a20d1ba11e92c5a21a22d5f2e579bf4e762b454c&pst=1701613084&rmtc=t

192.243.61.227

642 B

URL
vintageperk.com/watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3289a601f665eb9c03e8ef99c7de52132edfbb763e2d73538e5c50a864fcf7862d64621ce491ab5e697d57a39d87b977e9c3fc40504d065e836ce8e0355a07cfe39b648ab7740b03c9aa67a20d1ba11e92c5a21a22d5f2e579bf4e762b454c&pst=1701613084&rmtc=t
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (604)
Size
642 B (642 bytes)
Hash
dedf0e2c66930ac137557636e2ed797b
70b4aa60c3ad19f25ceb705d20047e792ed2a15f
77751df7496d1ecc17474f3f79745995eaefd32d69412a00289eb2d48be8a551

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1533847631107.js?key=ee9bf356d601332a3ace39ce6d63a346&kw=%5B%22game-2u%22%2C%22com%22%2C%22-%22%2C%22download%22%2C%22last%22%2C%22games%22%2C%22for%22%2C%22pc%22%2C%22iso%22%2C%22xbox%22%2C%22360%22%2C%22xbox%22%2C%22one%22%2C%22ps2%22%2C%22ps3%22%2C%22ps4%22%2C%22pkg%22%2C%22psp%22%2C%22ps%22%2C%22vita%22%2C%22android%22%2C%22mac%22%2C%22nintendo%22%2C%22wii%22%2C%22u%22%2C%223ds%22%5D&refer=https%3A%2F%2Fgame-2u.com%2F&tz=0&dev=e&res=14.3095&uuid=&shu=3289a601f665eb9c03e8ef99c7de52132edfbb763e2d73538e5c50a864fcf7862d64621ce491ab5e697d57a39d87b977e9c3fc40504d065e836ce8e0355a07cfe39b648ab7740b03c9aa67a20d1ba11e92c5a21a22d5f2e579bf4e762b454c&pst=1701613084&rmtc=t HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
Referer: https://game-2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19052443; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA1MjQ0MywiayI6ImVlOWJmMzU2ZDYwMTMzMmEzYWNlMzljZTZkNjNhMzQ2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMjY0MzE4LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3NDdwZ2hkdSIsImNwa3MiOnsiMjgiOiI5MjZjZWY4YjQ3YzMyZjE0ZTAwZjlhNDZkOGNiNWNkZiIsIjI5IjoiMWMxODA2MTkxMjIxZWE5ODhmZjBhYjIxMjdmNmU1MDcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZ2FtZS0ydS5jb20vIiwiYXIiOltdfX0.CVql62UoJepe90f-TYQVIQ2wWP3dKANzlkayecv_0YE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://game-2u.com
Access-Control-Allow-Origin: https://game-2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: iprc90b351a5a1c2186ebbb2c4a245ecd1d6=2717340; expires=Mon, 04 Dec 2023 16:17:04 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
uncs=1; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 04 Dec 2023 14:17:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e88c6517c70537d2f0ef5ee92cd2f60
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
68decb365c588b0f4fe2ade7bf5e80da
aa411e05b8f278f84fbfc0bc2dbb72d26bc29ec8
a47bb006c7a4a9c1773e465ceebc5f6399fc91c8416c10c0eed65000370ace88

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: uid_id2=84fdd3c7-0f8b-4c10-9870-24cc48cbc07e:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://game-2u.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
68decb365c588b0f4fe2ade7bf5e80da
aa411e05b8f278f84fbfc0bc2dbb72d26bc29ec8
a47bb006c7a4a9c1773e465ceebc5f6399fc91c8416c10c0eed65000370ace88

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://game-2u.com
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: uid_id2=84fdd3c7-0f8b-4c10-9870-24cc48cbc07e:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://game-2u.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/bi/89/3b/3e/893b3e37cbe4e7db1af134ac208f80a3/1667212150.gif

45.133.44.10

66 kB

URL
cdn.cloudimagesb.com/bi/89/3b/3e/893b3e37cbe4e7db1af134ac208f80a3/1667212150.gif
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
GIF image data, version 89a, 728 x 90\012- data
Size
66 kB (66304 bytes)
Hash
52f9e79a3949ba97db30bde4d6f4d1c3
df0994b2898d733d1fb41a668eee7b3442d9e93a
734235a0a165d976d922ca547346df80570950c320e33a4001beb70dcd7059f8

HTTP Headers

GET /bi/89/3b/3e/893b3e37cbe4e7db1af134ac208f80a3/1667212150.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:05 GMT
content-type: image/gif
content-length: 66304
server: nginx/1.21.6
last-modified: Mon, 31 Oct 2022 10:29:18 GMT
etag: "635fa37e-10300"
expires: Tue, 05 Dec 2023 14:17:05 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2e59010ee40bb5ee297c2a0ecedaa23b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14

192.243.59.12

1 B

URL
unseenreport.com/pxf.gif?uuid=&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2e59010ee40bb5ee297c2a0ecedaa23b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2e59010ee40bb5ee297c2a0ecedaa23b&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:05 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: afbe567b598a954c6c6deb8e80dc6c76
Strict-Transport-Security: max-age=0; includeSubdomains

tzegilo.com/stattag.js

104.21.11.245

8.7 kB

URL
tzegilo.com/stattag.js
IP
104.21.11.245:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (18369)
Size
8.7 kB (8745 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 452
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1xN6mHfODMfv9nW8r%2BrSHHXaP9whe6KCk8NpExLz8XNE0ajIwaHZsDIs5Hok8nexrS5CydeZFljX9Z7%2FxNiMyw5uf4BFUJMFH20h3ZX%2BYT5qvHUBLhUy4u4NBPG%2F4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e586a08b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE5MDUyNDQzJnBzdD0xNzAxNjEzMDg1JnJlZmVyPWh0dHBzJTNBJTJGJTJGZ2FtZS0ydS5jb20lMkYmcm10Yz10JnNodT01MjQxZDUxOTdjYjIwOTc3ODNjOThlYzM1ZDc3MDczYmRmZGE5MGY4NTRjN2FlNzVmYWE5Njc3YmNmZTQzZTBkMmQ4NGRkMDQwNmM3ZTAzYTU0ZWEwMjhmNDZiZDBhMWZkYjZjYzY0YjdkMTU3ZjllN2ZhY2FmMTNlNDYwYTIyOThjMzQ4NjFjOTgwOTQ3YWY3OTI3YzcxNjc0MzM2Mjg2YmZlMTRkNGM0YzQ0NDQ1ZjMxNDg1YTE4OWQ%3D&uuid=&pii=&in=false

192.243.59.20

0 B

URL
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE5MDUyNDQzJnBzdD0xNzAxNjEzMDg1JnJlZmVyPWh0dHBzJTNBJTJGJTJGZ2FtZS0ydS5jb20lMkYmcm10Yz10JnNodT01MjQxZDUxOTdjYjIwOTc3ODNjOThlYzM1ZDc3MDczYmRmZGE5MGY4NTRjN2FlNzVmYWE5Njc3YmNmZTQzZTBkMmQ4NGRkMDQwNmM3ZTAzYTU0ZWEwMjhmNDZiZDBhMWZkYjZjYzY0YjdkMTU3ZjllN2ZhY2FmMTNlNDYwYTIyOThjMzQ4NjFjOTgwOTQ3YWY3OTI3YzcxNjc0MzM2Mjg2YmZlMTRkNGM0YzQ0NDQ1ZjMxNDg1YTE4OWQ%3D&uuid=&pii=&in=false
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE5MDUyNDQzJnBzdD0xNzAxNjEzMDg1JnJlZmVyPWh0dHBzJTNBJTJGJTJGZ2FtZS0ydS5jb20lMkYmcm10Yz10JnNodT01MjQxZDUxOTdjYjIwOTc3ODNjOThlYzM1ZDc3MDczYmRmZGE5MGY4NTRjN2FlNzVmYWE5Njc3YmNmZTQzZTBkMmQ4NGRkMDQwNmM3ZTAzYTU0ZWEwMjhmNDZiZDBhMWZkYjZjYzY0YjdkMTU3ZjllN2ZhY2FmMTNlNDYwYTIyOThjMzQ4NjFjOTgwOTQ3YWY3OTI3YzcxNjc0MzM2Mjg2YmZlMTRkNGM0YzQ0NDQ1ZjMxNDg1YTE4OWQ%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTkwNTI0NDMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9nYW1lLTJ1LmNvbS8iLCJhciI6W119fQ.7r5DYox9MAhwU1-KgOsXRFXNKOwKa0IG-LBvjr54L1M; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3009ffda74a407b54f3c468b406b477a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprc47a7f0859b73a11f492fdd7f85b9d8ae=4641329; expires=Mon, 04 Dec 2023 14:17:06 GMT
pdhtkv=true; expires=Mon, 04 Dec 2023 14:17:06 GMT
uncs=1; expires=Mon, 04 Dec 2023 14:17:06 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 14:17:06 GMT
uncs28=1; expires=Mon, 04 Dec 2023 14:17:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 82bd2038be691b748cc10f8c84a0f179
Strict-Transport-Security: max-age=0; includeSubdomains

violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3009ffda74a407b54f3c468b406b477a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625

192.64.81.118

0 B

URL
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3009ffda74a407b54f3c468b406b477a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=3009ffda74a407b54f3c468b406b477a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 03 Dec 2023 14:17:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9rn1nb41z; expires=Mon, 04-Dec-2023 14:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9rn1nb41z-h9rn1nb41z-hq1m-0-q5a4bl-ftxofe-ft8pdz-479228; expires=Mon, 04-Dec-2023 14:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=ed329h9rn1nb41z50b&sub_id=16122660
Strict-Transport-Security: max-age=31536000

vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=ed329h9rn1nb41z50b&sub_id=16122660

172.67.205.133

0 B

URL
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=ed329h9rn1nb41z50b&sub_id=16122660
IP
172.67.205.133:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=ed329h9rn1nb41z50b&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 03 Dec 2023 14:17:07 GMT
content-length: 0
location: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=e6829c03-4fb4-4945-9dec-edd728e1224b; expires=Wed, 03 Dec 2025 14:17:07 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EecqGXv1e%2F%2FPnCD3AoqAE1B%2FoABZeo9ZcxJ83uSh0Z9Il%2FIXXyiujC9YzOTjlG8lNoqlVLa58u%2F1Uo0hD4SGpdayd8jDhkuL7FHY5ndG0Pe0ZvCXYldRdOAuJN6RXAswKjeVE3IbYy29YBvA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e6b8948712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.veinmaster.top/eyes-robot/assets/1.png

104.21.3.144

11 kB

URL
vvfal.veinmaster.top/eyes-robot/assets/1.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 351
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQ%2Fr7Q5XDK8DPSSkk3%2FQP8xfphII1pn4W1BfLw%2FfCN%2BMuJdy0ZPnVW9WSmZF1DLwOLmkv%2FYVLs84PtoYFt%2FaZzMlI6%2Fd2%2FD%2BVLI4eRbA05qjnEnxtSVvJnoorxW0gaIn09Nzg%2Bcbhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e6d395156bf-OSL
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/eyes-robot/assets/2.png

104.21.3.144

1.1 kB

URL
vvfal.veinmaster.top/eyes-robot/assets/2.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 351
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWMc3NKCfzSmAPnSrqtjHRzMlqnA5FSmdRoE2ci0Axr4whBwliiJl61n1tOFrSuO%2FwgfQNvP7RA66T6R0rRvRGs6QZhJkvBKSxeHGhahUC%2B3Nh3kAV2tX5wt%2F%2BGt91u828HwXzkUVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e6d395256bf-OSL
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/eyes-robot/assets/trls.js

104.21.3.144

13 kB

URL
vvfal.veinmaster.top/eyes-robot/assets/trls.js
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
13 kB (12776 bytes)
Hash
0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

HTTP Headers

GET /eyes-robot/assets/trls.js HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 351
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wu1APhDuDyNkJ80754jppMuos7Tm%2B6PZZkGfRrfTd5NVrC0X3sXota2BKnCsm5YfOXyvK2fZlm9rw7xeR5xJ37B9FwDd8%2FhuMLZZXRg22eo1ZPeco4u50yjQpv0lXBRSAMR8rujIUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e6d394e56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/favicon.ico

104.21.3.144

0 B

URL
vvfal.veinmaster.top/favicon.ico
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sun, 03 Dec 2023 14:17:07 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 351
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uUv%2BTrXClNwAswOHfRHcihDA7GGa8EBcrKztox%2BFPE5zX%2BkCabZTnCwa0Un9ie2QLufh0xq6zSxNc2GJxu%2BOImy1W3aPw0q1pCjK64xNbc2Rr8J2cMpjQui33isw6sQaKM0UxV17w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e6e5a2056bf-OSL
alt-svc: h3=":443"; ma=86400

game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c

172.67.185.244

28 kB

URL
game-2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c
IP
172.67.185.244:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (36679), with no line terminators
Size
28 kB (27491 bytes)
Hash
630849b189e71c07dffd8e950ad5df61
0cf84643eb1ab678ff8fe3087219018a1e08ab90
c33a5b5aef7f8a222e2030279a3e4089869473692ed51ba99cd4a26457b2477d

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=51faa0beb0a072f9ab2c HTTP/1.1
Host: game-2u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://game-2u.com/
Cookie: _ga_17Y9MG0KT2=GS1.1.1701613027.1.0.1701613027.0.0.0; _ga=GA1.1.561689510.1701613028; _ga_BDK88G3QWJ=GS1.1.1701613027.1.0.1701613027.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:04 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 18 Nov 2023 23:10:10 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VCWW5RdEzldjLPQykDseN3VRjb7eTjzQnEFMSOZXlaNawp9OHn4zuGJlmDJ1E2uM12tI4DNk%2B5JxX1e8NzbNuZcwykqH3FMakN6SuhVQkEAOt6peHcq0WtJK%2F%2FOaBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e55d951b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 292295
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.veinmaster.top/eyes-robot/assets/1.png

104.21.3.144

11 kB

URL
a.veinmaster.top/eyes-robot/assets/1.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 350
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=97NbbUjFnI3u6OhwSBm1yJAu6ecxO0C6chH%2FqXeNs%2Fa6lnn%2BARfbjj%2Fr5wpAEwIbNhM5%2FJ4kDxhJxWe6%2Fj8RK7U8d6%2BQ9O9AZsSxZrrKVLXtezr8ipMHuH4M41OhObb5jdbB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e70cbe356bf-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/eyes-robot/assets/2.png

104.21.3.144

1.1 kB

URL
a.veinmaster.top/eyes-robot/assets/2.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 350
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQeXTLWKbbdSJb4pG4wlamaS3m4Rn73caORn9%2FokUjb997Ftm59n3112NNjhIeEX2EHOFMpNn2aZKlYst5Z0YNriaGAtXOEafFxiel7TMitYO7XqdkTW9OnZ%2BT2Sxx3u1hzv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e70cbe456bf-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/eyes-robot/assets/trls.js

104.21.3.144

13 kB

URL
a.veinmaster.top/eyes-robot/assets/trls.js
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
13 kB (12776 bytes)
Hash
0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

HTTP Headers

GET /eyes-robot/assets/trls.js HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 350
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S922yPzsMIA5ulcqy4j8pTzzqVVbopPem%2B1DnDZbKQeAaZBGI5z2Zk2GXU3fSVcJNNk%2Foe2nZKEDxipIyXSpsnixKZmb4qntcitCF93ttQs9KnXSH9CakXC97%2FwKQQY%2BShBD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e70cbe156bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/favicon.ico

104.21.3.144

0 B

URL
a.veinmaster.top/favicon.ico
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sun, 03 Dec 2023 14:17:08 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 405
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S2AyoaJs%2F5VwSljK72d%2FbLFWmF29njQ1gbHhFz7gbb%2BN%2Fr8QMCubvyX2P5eQN9rOMrhY0bFLmWfW1NeCfwd%2FbKziVAyj7L2JXswAoJOcOpS0fh3y10lSd9LkW01tbSm9DQeR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e715c6756bf-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 288514
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 292296
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d

173.233.139.164

1.3 kB

URL
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (412)
Size
1.3 kB (1341 bytes)
Hash
ce9b5c8e93d583fd258068c14de7738d
acb6fbd160a378869da28707d2df71cc2c96fd75
47c581fc0a2d551ad31ccd6cc4b02e93287ac870b779b91e436002b3153b2529

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 14:17:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Mon, 04 Dec 2023 14:17:09 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; expires=Sun, 03 Dec 2023 14:18:09 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4f10a82425c1565734ea2644cd21775
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjEzMDg5JnJtdGM9dCZzaHU9NjMwOTU5MGI5MTAwNTYzNmViMzk1M2U2NmIwMThhY2IwZDBhMDBkODcyMjZkZTM5MTljMDE2MzIzNWMxZTdhMWRiMjgxMThhODlhZWNjN2ExMGJkNDZkZGY5ZTA3MzI0MWQ0NGRiYjgzNDJlNDdiMmI4MmE0Y2FkMGUxNzM3YTJkYjAwY2NkZDJmZWE0NTc1ZThhYjA0YjI2YjFlOGI2MDk1ODJlN2JkZTEwYzYyMDRhYzBlYzBmMDU3ZmI0MGMy&uuid=&pii=&in=false

192.243.59.20

302 Found

0 B

URL User Request GET HTTP/1.1
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjEzMDg5JnJtdGM9dCZzaHU9NjMwOTU5MGI5MTAwNTYzNmViMzk1M2U2NmIwMThhY2IwZDBhMDBkODcyMjZkZTM5MTljMDE2MzIzNWMxZTdhMWRiMjgxMThhODlhZWNjN2ExMGJkNDZkZGY5ZTA3MzI0MWQ0NGRiYjgzNDJlNDdiMmI4MmE0Y2FkMGUxNzM3YTJkYjAwY2NkZDJmZWE0NTc1ZThhYjA0YjI2YjFlOGI2MDk1ODJlN2JkZTEwYzYyMDRhYzBlYzBmMDU3ZmI0MGMy&uuid=&pii=&in=false
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNjEzMDg5JnJtdGM9dCZzaHU9NjMwOTU5MGI5MTAwNTYzNmViMzk1M2U2NmIwMThhY2IwZDBhMDBkODcyMjZkZTM5MTljMDE2MzIzNWMxZTdhMWRiMjgxMThhODlhZWNjN2ExMGJkNDZkZGY5ZTA3MzI0MWQ0NGRiYjgzNDJlNDdiMmI4MmE0Y2FkMGUxNzM3YTJkYjAwY2NkZDJmZWE0NTc1ZThhYjA0YjI2YjFlOGI2MDk1ODJlN2JkZTEwYzYyMDRhYzBlYzBmMDU3ZmI0MGMy&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 14:17:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Mon, 04 Dec 2023 14:17:10 GMT
uncs=1; expires=Mon, 04 Dec 2023 14:17:10 GMT
pdhtkv28=true; expires=Mon, 04 Dec 2023 14:17:10 GMT
uncs28=1; expires=Mon, 04 Dec 2023 14:17:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c4f1127d1e56811214db79785770f95
Strict-Transport-Security: max-age=0; includeSubdomains

adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905

13.107.213.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 03-Dec-3022 14:17:11 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0541sZQAAAABYV3e2L9DPS6Mi1f1w0l6pU1ZHMjBFREdFMDUxNwAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Sun, 03 Dec 2023 14:17:10 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 03 Dec 2023 14:17:11 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node0b6w62n6aiiugz9m3tan8fc3l6434339.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; Path=/; Domain=.unibet.com; Expires=Tue, 02-Dec-2025 14:17:11 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Tue, 02-Dec-2025 14:17:11 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Tue, 02-Dec-2025 14:17:11 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 03 Dec 2023 14:17:11 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Sun, 03 Dec 2023 14:17:11 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 03 Dec 2023 14:17:11 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sun, 03 Dec 2023 14:17:11 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e89ab420b49-OSL
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

172.64.144.152

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Size
1.5 kB (1473 bytes)
Hash
730e6377072b77d80bca30d96fb63b27
64bf5fa49e24ff2f79ad9152f3ef7bd7baab5ad0
bb461ad12e6f931815042b57a447b64e8d3a06d1576c1f7c79b9c7e5a42a8b34

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e896b010b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 381183
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

vvfal.veinmaster.top/eyes-robot/assets/style.css

104.21.3.144

1.7 kB

URL
vvfal.veinmaster.top/eyes-robot/assets/style.css
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1676 bytes)
Hash
a18afa3eac509b6062c9362a725ac421
5e06e9b3af42189e9456a7ea3bda665e10c86405
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=ed329h9rn1nb41z50b&sub_id=16122660&nrid=fb0164e48c804c4a8a37bc50cd649b95&hash=ohiDigBo1dVXllxrb78R2Q&exp=1701613327
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:07 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-cf6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 351
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42AkRmg2od4SqkIwfNKGHVQkVQhoa9z4ve5l%2F%2FQ9bKvPKZxXtANpwdh5NoDdl8f5pu9vzMezFP3hvFPEj7aTIs%2B3LiwbSMuXXiOO0ZrWy5dxgJYLN6hqd3wsya7Bzg1TAwv6PY0Nyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e6d394f56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnstatic.veinmaster.top/ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&sub_id=16122660&click_id=ed329h9rn1nb41z50b&nrid=19d0c972ac366b381a045faeb6b94677&reason=tb_exit&attempt=2

104.21.3.144

2.7 kB

URL
cdnstatic.veinmaster.top/ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&sub_id=16122660&click_id=ed329h9rn1nb41z50b&nrid=19d0c972ac366b381a045faeb6b94677&reason=tb_exit&attempt=2
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
2.7 kB (2699 bytes)
Hash
d4104832ff18ef8205fd59e3c834ea05
8aa2df5da3e309988c42cd7086e58d13b94c3383
9c3e771c25e43845931dbd1a924081edcb5a3b9addc85e73212fbf568d082fd2

HTTP Headers

GET /ps/tb?id=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&sub_id=16122660&click_id=ed329h9rn1nb41z50b&nrid=19d0c972ac366b381a045faeb6b94677&reason=tb_exit&attempt=2 HTTP/1.1
Host: cdnstatic.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Cookie: __psu=357d709b-31ea-433f-823f-1ce4cb02e4f5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 03 Dec 2023 14:17:08 GMT
content-type: text/html
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZcmEt0odim%2B0kk5G9NZnY8kySnDvv20J%2BTffxYEqraQjMhFbgEnbpe6tJsE6T7OD7PIiXVMpYZGcmFTjpIn9isApbxKTJtI4boSY0lpVqT8KHQUSL5dsNOHgbDqV%2B%2B0ajANOizu2jVz%2F4g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e721d3f56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:33:53 GMT
expires: Thu, 28 Nov 2024 17:33:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 333799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

172.64.144.152

200 OK

10 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
10 kB (10075 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e89cb600b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 374834
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

172.64.144.152

200 OK

98 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 82fc6e8bec920b49-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 203877
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.140.13

200 OK

23 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54456), with no line terminators
Size
23 kB (22772 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 289712
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOC7TggjSdy93JTH2mUKN5y4k5dg1%2BN7OKOliTUawyKBmwa5UGVdDblnMWzYeXYyXvliHm91siMAQdh5lne339vwCYei2tnKjtNp4gomg72vPFyimM84RjOA%2FZko1h9JrhRwgfak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e8a9b9124e6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg

172.64.144.152

200 OK

1.1 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Size
1.1 kB (1082 bytes)
Hash
f64e07dc4e791d707923de158a7ad439
17b1069ca64b16e2c16e56bc638fd3df5c9634aa
323e94b4a6a0b33de9b79d4dac91274635e005ba31335ac6f961af518f976ffe

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e899b280b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 301142
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.140.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 461880
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7DtRC6y5X0TMDh8KYDzaEqd%2BjQuW0oDHyuENe5Rfyt9n3pHo%2FBDHH%2FnHwGm8Q2KGELMTN2Wb7LaXPpajvlPWWirXmfxp0kMnDm9i902Va0tgnlbbSZaCPV3CxO6pKlwhe%2FOSUMn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc6e8c5e3e24e6-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

20 kB

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
gzip compressed data\012- data
Size
20 kB (20409 bytes)
Hash
4a044cf0db04fc3c0d4b06808b62c753
9a6beae4ff1e355bddaf41588dd9540c6cd226b3
9399ad097a43898eda7fa7ded6ee7133a6b2e60c28417e5c2f70c0f94a1c7612

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: text/html;charset=utf-8
x-request-id: 75caf27fb91cc43ecc5051d1b2e0b3d4
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Sun, 03 Dec 2023 14:18:12 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

83 kB

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
gzip compressed data\012- data
Size
83 kB (82901 bytes)
Hash
76b9494efac9da5e8b437c43cf282540
eb2572d336386c4da30fa5843b4fabce8c93a499
3a54fec23757b7d0648e555f88af5c33d2d61a14decf07b147e0fee3c4c90beb

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: text/html;charset=utf-8
x-request-id: ca979b836f1c0b62b6581d36fc320f6d
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Sun, 03 Dec 2023 14:17:11 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 23:43:03 GMT
expires: Tue, 26 Nov 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 484449
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.3 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.3 kB (1286 bytes)
Hash
99ae479968b693be31fa411016870fbc
f5540f1a83662040e1814c5845821ba28cffb472
06d78523cec8ec652da55ec22a958ac15a1e687c186183e2b4543a3f6677b3c0

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

142.250.74.106

200 OK

17 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
17 kB (16598 bytes)
Hash
7605a374650d9398c4892780edb76fc3
79be455a24ffec86f4c137b5bc64e8e796e9873f
34b689e481b0c7c3d4c0f563c4986d78e2d78a0c0c9ad56b6aa1fddda3d73524

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 14:17:12 GMT
date: Sun, 03 Dec 2023 14:17:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:31 GMT
expires: Fri, 29 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 292301
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

200 OK

11 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82fc6e8c3cbc0b49-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 302525
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

172.64.144.152

200 OK

5.7 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Size
5.7 kB (5740 bytes)
Hash
e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e899b270b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 292603
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/widget/betslip/betslip.js

172.64.144.152

200 OK

15 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
15 kB (14810 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82fc6e8b6c540b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 195212
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

104.16.48.126

200 OK

25 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e8fee9b712f-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

172.64.144.152

200 OK

22 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
22 kB (22452 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: text/css; charset=utf-8
cf-ray: 82fc6e894af20b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 289751
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg

104.16.48.126

200 OK

1.1 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1053 bytes)
Hash
8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872

HTTP Headers

GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e8fee8c712f-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg

172.64.144.152

200 OK

807 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Size
807 B (807 bytes)
Hash
f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda

HTTP Headers

GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e897b0e0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 374758
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

200 OK

192 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
192 kB (192188 bytes)
Hash
92d171495e439f65242c49fe1ab31fcb
fab0faf1ea3cb1e57e0bffbbdcffb6422be0c71f
88d5724ba1c2bb46163f114514f8cee2e24c05545a5e2449c3786d4113b13d68

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 03 Dec 2023 14:17:12 GMT
expires: Sun, 03 Dec 2023 14:17:12 GMT
cache-control: private, max-age=900
last-modified: Sun, 03 Dec 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67304
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

104.16.48.126

200 OK

4.9 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc6e8fde86712f-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

172.64.144.152

200 OK

5.4 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, ASCII text, with very long lines (5609), with no line terminators
Size
5.4 kB (5424 bytes)
Hash
41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82fc6e895afd0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 206420
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/custom.js

172.64.144.152

200 OK

5.9 kB

URL GET HTTP/2
welcome.unibet.com/custom.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (6078), with no line terminators
Size
5.9 kB (5881 bytes)
Hash
f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: application/javascript
cf-ray: 82fc6e896aff0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 302619
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:53:07 GMT
expires: Fri, 29 Nov 2024 04:53:07 GMT
cache-control: public, max-age=31536000
age: 293045
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no

104.40.147.180

200 OK

4.7 kB

URL GET HTTP/2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
104.40.147.180:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0

HTTP Headers

GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 03 Dec 2023 14:17:11 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

172.64.144.152

200 OK

4.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Size
4.5 kB (4514 bytes)
Hash
cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82fc6e894af30b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 111873
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg

172.64.144.152

200 OK

966 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Size
966 B (966 bytes)
Hash
60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e899b2a0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 304764
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

172.64.144.152

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Size
1.5 kB (1481 bytes)
Hash
49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e899b2c0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 196129
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

200 OK

16 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
16 kB (15888 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e898b180b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 209078
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg

172.64.144.152

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Size
13 kB (12666 bytes)
Hash
7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: image/svg+xml
cf-ray: 82fc6e899b260b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 296906
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico

172.64.144.152

200 OK

421 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
421 B (421 bytes)
Hash
ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed

HTTP Headers

GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: image/x-icon
cf-ray: 82fc6e8d3d2b0b49-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 374688
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.28

200 OK

74 kB

URL GET HTTP/2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210659080075%7c1%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:12 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521

172.64.144.152

200 OK

17 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701613031216)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231231417%22%7d%5d; __ucbt=node0b6w62n6aiiugz9m3tan8fc3l6; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_44E40BEF88504441BE229B5E0FFF2E7C; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_44E40BEF88504441BE229B5E0FFF2E7C%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 14:17:11 GMT
content-type: text/html; charset=utf-8
cf-ray: 82fc6e8709ce0b49-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: d863d925-901e-004e-42f3-253c8a000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_44E40BEF88504441BE229B5E0FFF2E7C;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML