Report - www.usroid.com/vi/my-boy-gba-emulator/

Report Overview

Visited public
2023-12-05 14:49:45
Tags
URL
www.usroid.com/vi/my-boy-gba-emulator/
Finishing URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
IP / ASN
104.26.12.205
#13335 CLOUDFLARENET
Title
Unibet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.profitablecreativeformat.com	unknown	2023-07-31	2023-08-01 21:50:05	2023-12-01 21:48:58	1.4 kB	35 kB	173.233.137.36
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-04 14:27:51	32 kB	363 kB	104.18.43.104
bannerflow-feed-builder.azurewebsites.net	659103	2012-01-24	2017-11-23 14:27:15	2023-12-04 14:27:52	606 B	5.5 kB	104.40.147.180
edgychancymisuse.com	unknown	2023-11-28	2023-11-28 18:09:49	2023-12-03 23:45:53	3.0 kB	6.0 kB	173.233.137.60
nanhermione.com	unknown	2023-11-28	2023-11-28 13:07:24	2023-11-30 15:10:26	2.1 kB	3.4 kB	173.233.137.44
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-12-05 05:55:22	580 B	578 B	142.250.74.67
cdn.bannerflow.com	23819	2008-06-03	2018-02-22 13:57:21	2023-12-05 07:50:09	1.5 kB	33 kB	104.16.80.126
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-04 04:40:05	593 B	1.4 kB	13.107.213.53
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-05 07:37:50	921 B	22 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-05 06:14:20	3.4 kB	106 kB	142.250.74.3
cdn.usroid.com	unknown	unknown	No data	No data	5.5 kB	288 kB	172.67.74.152
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-04 18:39:56	441 B	421 B	18.157.140.81
rotundfetch.com	unknown	2023-11-28	2023-11-28 21:49:14	2023-12-04 13:42:27	3.0 kB	6.3 kB	192.243.61.225
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-12-05 05:10:23	909 B	445 B	216.239.32.36
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-12-05 11:19:54	906 B	289 kB	45.133.44.9
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-05 07:50:07	2.9 kB	1.1 kB	85.184.96.5
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-05 05:14:35	1.0 kB	130 kB	172.64.140.13
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-05 06:24:59	870 B	279 kB	142.250.74.168
pluralpeachy.com	unknown	2023-11-28	2023-11-28 10:13:59	2023-12-04 07:59:30	3.0 kB	4.5 kB	173.233.137.36
www.usroid.com	unknown	2020-05-12	2021-02-26 19:03:12	2023-11-07 23:18:27	543 B	5.3 kB	172.67.74.152
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-12-04 15:51:10	2.5 kB	4.0 kB	173.233.139.164
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-04 18:12:03	5.7 kB	164 kB	85.184.96.28
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-05 08:15:49	445 B	31 kB	142.250.74.74
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-04 05:11:06	1.4 kB	1.7 kB	85.184.96.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	pluralpeachy.com	Sinkholed
2023-12-05	medium	edgychancymisuse.com	Sinkholed
2023-12-05	medium	rotundfetch.com	Sinkholed
2023-12-05	medium	pluralpeachy.com	Sinkholed
2023-12-05	medium	edgychancymisuse.com	Sinkholed
2023-12-05	medium	nanhermione.com	Sinkholed
2023-12-05	medium	rotundfetch.com	Sinkholed
2023-12-05	medium	conqueredallrightswell.com	Sinkholed
2023-12-05	medium	conqueredallrightswell.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (27)

	URL	From	Size	First Seen	Last Seen
	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.28 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 09:25 Last Seen2023-12-05 22:04 Times Seen7 Hash b0b4175cf14760a93648ab9e369691d7 d3b79412060af66ad5bd72ea25369c32b3ae660d b9911b8bf9f2f33346cf4c46a52ca05130755b370396d5fd93a6390a4629c7f8 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	307 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5790 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	295 B	2023-09-13	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-13 20:26 Last Seen2024-08-21 06:57 Times Seen5369 Hash c19afddc1697308e0ef68fc2225c7f22 c77de15393ad1ee1d0d49afd6cc7c1cdefa9a5b4 7d80f28d2d8c0b322d667bc27797d7e01c2e90fa2a7d1025db04252d5b83f202 Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	218 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 06:57 Times Seen5369 Hash 91824c153a2424389807187ea41b9137 0ac7bf21044c90de1568152896efb9466c90b412 74abc0c84e63335fab7da57b01856b457f332b55d1ae539baadb180b13be726c Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	92 B	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5784 Hash 7f0f3c1a6218ba26e0a2303513a4b789 a8d06c9a0d0b367220509b18213f6b102f4b4fc0 faffe243fd7f581af68fd7dafdf86ff1e5c0824831f03d5758cb309da65fddda Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	ScriptElement	5.4 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5792 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	welcome.unibet.com/custom.js	ScriptElement	5.9 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/custom.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5794 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:06 Times Seen57428 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js	ScriptElement	4.5 kB	2023-03-07	2025-02-02
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5795 Hash 04fc48de78cbfc5d1557e9df399c7733 e1bf77a4fef1943b0eab404c4abbe9477cb373e0 4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	welcome.unibet.com/widget/betslip/betslip.js	ScriptElement	15 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5796 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908	ScriptElement	364 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5771 Hash b7207d294237fb810195b41fdd3cac28 ff7ef257957cbc2074fa5814177bb7cbbac44eb2 12f39122cef3c11903118c0f4769199ddc1e0e5ba13d7dbe8373e5c77391baf5 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

		Size	First Seen	Last Seen
	#1 Eval - e44bef07ac689f1f91bfb885b171c202	2.1 kB	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash e44bef07ac689f1f91bfb885b171c202 7ec5426f7757a78126518c1dd630e05755454afe f552d9572c68b5847683374fa1cac0942e345455d1075dffee82f203d3c48052 Loading...

	#2 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#3 Eval - a5c5868c529096331319b0ff3769ba44	471 B	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash a5c5868c529096331319b0ff3769ba44 58e67d70d5bbf0c0fe51ed777f4d96bc9841abaf 9933acce54f033342e91829020604686a047e7b2c374ef7736aecfb03afbb68d Loading...

	#4 Eval - 3bc28aa350db9903b3fda32099c42692	2.1 kB	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash 3bc28aa350db9903b3fda32099c42692 d025aa8e6e0280f700512a082097ed4fbb72ba06 74edacd7c2da500446220365a9bf079d876453e243ada4287a5fa485fbbd55c2 Loading...

	#5 Eval - 7e0418a4654a26ed1d45a7f4289ac0a7	2.1 kB	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash 7e0418a4654a26ed1d45a7f4289ac0a7 20e93f53cd5cf12fb059f464d8a2460e3df82c03 87cdd6d8a19df554ac3fe69bdb7962bac6695faf761ac1a6602958d13cd4d471 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5d61aea646831bfa14c762092e8541b5	124 B	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash 5d61aea646831bfa14c762092e8541b5 a4f8bd69036858761735358ad9904214f00c29da e6908003fe36af9fda87b05b5bc6564d3d6bd2cd5aa01539ea03b563f333982f Loading...

	#2 Write - 5b7d1533000c86a2b8bcc77a83134fa6	124 B	2024-08-20 16:40	2024-08-20 16:40
Pretty Observations First Seen2024-08-20 16:40 Last Seen2024-08-20 16:40 Times Seen1 Hash 5b7d1533000c86a2b8bcc77a83134fa6 c73bfcedcf5a686923e2b6786f316185f14829c8 705193b833326488737f269878954e4c95a9259336b341680bb2421bea87a7ba Loading...

	#3 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (73)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=G-WCQBDK7SM6

142.250.74.168

86 kB

URL
www.googletagmanager.com/gtag/js?id=G-WCQBDK7SM6
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3034)
Size
86 kB (85471 bytes)
Hash
c9311df0a631e92f843563044b9b6d0a
b40978b39be0695c4eda20c3266b51e348fa20ea
a9eef8a6fcfc987401bbaf7ee1a2c8865ab3966103f0ab415811968691a1274b

HTTP Headers

GET /gtag/js?id=G-WCQBDK7SM6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 14:49:27 GMT
expires: Tue, 05 Dec 2023 14:49:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85471
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Noto+Sans:wght@400;700&display=swap

142.250.74.106

14 kB

URL
fonts.googleapis.com/css?family=Noto+Sans:wght@400;700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
14 kB (14048 bytes)
Hash
67383751d3941878cea1143791febe02
dc1789fcba962fddb90cc67cb7f3abb35954740c
36bf27c57426cabc554c086b4a3ba5490b4a855e708ca4dd61b0d00ae9ba3a10

HTTP Headers

GET /css?family=Noto+Sans:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 14:49:28 GMT
date: Tue, 05 Dec 2023 14:49:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9V6VLKzA.woff2

142.250.74.3

5.4 kB

URL
fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9V6VLKzA.woff2
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5412, version 1.0\012- data
Size
5.4 kB (5412 bytes)
Hash
bde03f4502f623c38a355add83bd7ba9
11acdd870b2b9b8f0596c634230b36a339d13520
7fa5e6cbc423e471746d0b1d391814c2473316e98f53be70e64a3f647b7296c6

HTTP Headers

GET /s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9V6VLKzA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:20:46 GMT
expires: Tue, 03 Dec 2024 23:20:46 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 20:08:59 GMT
content-type: font/woff2
age: 55722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9U6VLKzA.woff2

142.250.74.3

41 kB

URL
fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9U6VLKzA.woff2
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 41376, version 1.0\012- data
Size
41 kB (41376 bytes)
Hash
62b357a76a3b71aaa1775424a5c6d814
c0dacd67191cd31e355a273c94f5f1ef72e1fb45
0471a144cd7a8e0a18601bfd4dc694dc3a16ce184c27c327d95244298563c7bf

HTTP Headers

GET /s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9U6VLKzA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 41376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 21:26:06 GMT
expires: Fri, 29 Nov 2024 21:26:06 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 20:09:02 GMT
content-type: font/woff2
age: 408202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.usroid.com/wp-content/themes/usroid/assets/images/header-pattern.jpg

172.67.74.152

2.5 kB

URL
cdn.usroid.com/wp-content/themes/usroid/assets/images/header-pattern.jpg
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1850x93, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
2.5 kB (2464 bytes)
Hash
22609cb0100b82ac2811c7253d95abda
b9b87d2ad529411010e474a17639c3fe880915fa
24b384672959e257f6aa307d43cded6be4fd2d106949778087c26f890f221e8d

HTTP Headers

GET /wp-content/themes/usroid/assets/images/header-pattern.jpg HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.usroid.com/wp-content/litespeed/css/adf893e884aeef7962ac54ff552cfba7.css?ver=bb266
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:28 GMT
content-type: image/webp
content-length: 2464
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=6154
content-disposition: inline; filename="header-pattern.webp"
vary: Accept
cache-control: public, max-age=604800
etag: "180a-65494269-b95226;;;"
expires: Mon, 27 Nov 2023 13:29:34 GMT
last-modified: Mon, 06 Nov 2023 19:45:45 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzKW2pV4JqC4%2BpUEbGjubqcblwn0qoCyMR7U4mbWEptAwCss5YRVuZDOMrK6zXSEBGn8UnmMA9jdKgHQLRi0N1g5e5QdYhUH%2BHLo08bZ5eC%2Bk%2FFFtEUs%2FknV1ivQr6iA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d1891dac9b51d-OSL
alt-svc: h3=":443"; ma=86400

www.profitablecreativeformat.com/293272968864e24360271cd289874c43/invoke.js

173.233.137.36

11 kB

URL
www.profitablecreativeformat.com/293272968864e24360271cd289874c43/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29595), with no line terminators
Size
11 kB (10905 bytes)
Hash
6dca5168ff0923f682c5e19be1aa430b
7f0ab5a852ed3b3885a8f665957dcd7da7ad7f02
74de31c36df2a816d810f111aba2dde33e3a7fa65be41a59564b9aee64b9d0e6

HTTP Headers

GET /293272968864e24360271cd289874c43/invoke.js HTTP/1.1
Host: www.profitablecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61fcf103fb862ca335bbfb3806561b95
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.157.140.81

40 B

URL
proftrafficcounter.com/stats
IP
18.157.140.81:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
46525ba77dc098c302cc39c7d7aa0f05
5f13444c82409be20a8d97d5e89698b246dd3b83
14ecbaeac1e18821e1ecea7b2b22164e0312fd9c95dcf273bf02af17afcadb54

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.usroid.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=df630363-3442-447e-bc2b-fabbc32e4028:1:1; expires=Fri, 02 Dec 2033 14:49:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

cdn.usroid.com/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js

172.67.74.152

16 kB

URL
cdn.usroid.com/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (12075), with no line terminators
Size
16 kB (15810 bytes)
Hash
45943f1d780bd7d9db946bdc5ed14a5a
41a42d3c32fe16108eb653ae903ae1fb86b7e5a8
6f58202a14e2dcb4c672d6e9f0881ddc2b4e88225a97aadd940400a7377ee02d

HTTP Headers

GET /wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:27 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Mon, 27 Nov 2023 13:19:56 GMT
etag: W/"2f42-65494266-b91888;;;"
last-modified: Mon, 06 Nov 2023 19:45:42 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IOoDOQmFlUdkX4TLDcRsMgvhtvnxxq8kkNkksboib6Rxyf4z7zdOtA8UDA6fmuUofUvjHlDxdraBMUsKyBSXe0YPodcQ9t7MvlyLxKCM2VsjnJxoExwJ1IHf%2FZsyJPo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d188c6b92b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.profitablecreativeformat.com/955b0b4de689f4a0e9644788a4e4afc3/invoke.js

173.233.137.36

11 kB

URL
www.profitablecreativeformat.com/955b0b4de689f4a0e9644788a4e4afc3/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29592), with no line terminators
Size
11 kB (10906 bytes)
Hash
7587d469076bccf91965753c1778ba3a
cf8755f06e2d2a717bd9a361dad1bc3260f5fe0b
054189dbce592665bd99e1bd6f9dcb58ff67de0345624c7888325a1e5fa56437

HTTP Headers

GET /955b0b4de689f4a0e9644788a4e4afc3/invoke.js HTTP/1.1
Host: www.profitablecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8cfcfdc68d9198dceb156ff8e8a816c0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.profitablecreativeformat.com/955b0b4de689f4a0e9644788a4e4afc3/invoke.js

173.233.137.36

11 kB

URL
www.profitablecreativeformat.com/955b0b4de689f4a0e9644788a4e4afc3/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29592), with no line terminators
Size
11 kB (10905 bytes)
Hash
5d54b8ea34b84bf40ec9d8ad0212ff78
098fb83d2c0eb25e40b9d05b3d67147e2ca4629b
58fbfd707db3ab73aed160470c0f8b80f818193f800b493e786fb00b3db4939b

HTTP Headers

GET /955b0b4de689f4a0e9644788a4e4afc3/invoke.js HTTP/1.1
Host: www.profitablecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48dbcb15c9f01bdd27ba110ed28c60fc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pluralpeachy.com/watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1

173.233.137.36

0 B

URL
pluralpeachy.com/watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1 HTTP/1.1
Host: pluralpeachy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Location: https://pluralpeachy.com/watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=1f0dd0f8e7b926df1c0ea5e68ea25696bd0f7d10f7c63c61ce980c0aa30b4e048f80a007f72936555c63e51373ec70b14087ef06b6a2ea4a30cde68582b228af1c117208118d0fb85dba964184c1661f23c4a09b241fefa5bf1e5b790b2d&pst=1701787829&rmtc=t
Set-Cookie: u_pl=20670241; expires=Wed, 06 Dec 2023 14:49:29 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDY3MDI0MSwiayI6IjI5MzI3Mjk2ODg2NGUyNDM2MDI3MWNkMjg5ODc0YzQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6ImV6eDk2dmg1M2oiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.irEOLtTeyByn04OtIaIdk7UayFXeJIyW9f09Luti238; expires=Tue, 05 Dec 2023 14:50:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5acb0e9f0485055ef031534ea2106ec3
Strict-Transport-Security: max-age=0; includeSubdomains

edgychancymisuse.com/watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1

173.233.137.60

0 B

URL
edgychancymisuse.com/watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1 HTTP/1.1
Host: edgychancymisuse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Location: https://edgychancymisuse.com/watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=dfef95a8c9f899e6a29c45ac11fb5e79ee97014261182212f1d0f0ea0eb2ee723d68cfc809c2e3ca7d9b65a12c75bb02116fd5b06bd23beb7290762a70793686b4fa40232b5fbac7a6bcd78ac1ec9ba6c304d67bc3171341207b6d19a492c5&pst=1701787829&rmtc=t
Set-Cookie: u_pl=20636107; expires=Wed, 06 Dec 2023 14:49:29 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDYzNjEwNywiayI6Ijk1NWIwYjRkZTY4OWY0YTBlOTY0NDc4OGE0ZTRhZmMzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiZTg1dGZ5MnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.mmTR3im9r9J4dKaFpV2n64KOY9dsuVENrXajckLjgKU; expires=Tue, 05 Dec 2023 14:50:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c86557ca72c1fc6093f605ce499f199f
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9e6VLKzA.woff2

142.250.74.3

7.1 kB

URL
fonts.gstatic.com/s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9e6VLKzA.woff2
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7088, version 1.0\012- data
Size
7.1 kB (7088 bytes)
Hash
a27483aa890e9336250d08c1cf0b14e2
345295e7fd0db67223928260e01242629b4c4637
aabb2e68eb0e363e83a57ef9a3ab050fda7b7f43f251f1c0e62e3e26fb53482e

HTTP Headers

GET /s/notosans/v35/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9e6VLKzA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7088
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:31:26 GMT
expires: Wed, 04 Dec 2024 07:31:26 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 20:08:46 GMT
content-type: font/woff2
age: 26283
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.usroid.com/wp-content/themes/usroid/assets/images/related-shadow.png

172.67.74.152

1.3 kB

URL
cdn.usroid.com/wp-content/themes/usroid/assets/images/related-shadow.png
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 60 x 379, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1341 bytes)
Hash
3aad05dab5cd2e4bc2bfa5d76cb92c27
84240a670ca9cb6b90570eb085f555ef1540f113
2c61f4fe6230fbe1f43af1d0a6306fe5dd13c98a5384488a31fb8df8568c6c03

HTTP Headers

GET /wp-content/themes/usroid/assets/images/related-shadow.png HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.usroid.com/wp-content/litespeed/css/adf893e884aeef7962ac54ff552cfba7.css?ver=bb266
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:29 GMT
content-type: image/png
content-length: 1341
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
cache-control: public, max-age=604800
etag: "53d-65494269-b9522a;;;"
expires: Mon, 27 Nov 2023 13:20:18 GMT
last-modified: Mon, 06 Nov 2023 19:45:45 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BT8eESpIW%2Fr8HwR2nqmbLLGr21I%2BsdPPpMAAAxaIU07pe4zKk0HRW6MJB%2BEoMqvvZEzw6AwKucBQNM8ewQphXc6yLpCX2Y9VFWB8BBI9uhp%2Fk8JMJOENulQMi3Z%2FeNy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18987b0fb51d-OSL
alt-svc: h3=":443"; ma=86400

cdn.usroid.com/wp-content/themes/usroid/assets/images/footer-bg.png

172.67.74.152

8.3 kB

URL
cdn.usroid.com/wp-content/themes/usroid/assets/images/footer-bg.png
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1936 x 570, 4-bit colormap, non-interlaced\012- data
Size
8.3 kB (8251 bytes)
Hash
5c50b244bf681dbd94e6fe8e4d9c275c
bcaff3d9e10be2d84b1e9ef7d1ed16220fa14b39
fdab3ee42c0f8bdc07d52fbaf5d9da68738fdf04e755f5ce569ba4fc957a4a11

HTTP Headers

GET /wp-content/themes/usroid/assets/images/footer-bg.png HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.usroid.com/wp-content/litespeed/css/adf893e884aeef7962ac54ff552cfba7.css?ver=bb266
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:29 GMT
content-type: image/png
content-length: 8251
cf-bgj: imgq:85,h2pri
cf-polished: origSize=9834, status=webp_bigger
cache-control: public, max-age=604800
etag: "266a-65494269-b95228;;;"
expires: Mon, 27 Nov 2023 13:19:58 GMT
last-modified: Mon, 06 Nov 2023 19:45:45 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ps%2BOIzV5gs1sI2Xw%2F06Q6f9EMHvcW%2B9SO9z0a7sV1mtF%2F%2BvXfDuPRIvg1FhvozvBgmFf3xf%2FMcURH0tJEhYR8be%2F0LnqLTg%2Fjf4uchraxMF3W5AU9QhwQDJhr4Gl6FeY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18987b15b51d-OSL
alt-svc: h3=":443"; ma=86400

rotundfetch.com/watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1

192.243.61.225

0 B

URL
rotundfetch.com/watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1 HTTP/1.1
Host: rotundfetch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Location: https://rotundfetch.com/watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=130a052c2233304e05baf4a5f1e85d07ba04a13c7257932512fb58988d3a3259e8e6150386e8fab77b1d185b162bdac54d71ed3848e912e51bb93ddd23cc92c35fa9af84d382211a066563788767fe6153b39576f2bb195f65e15e79fb3de8&pst=1701787830&rmtc=t
Set-Cookie: u_pl=20636107; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDYzNjEwNywiayI6Ijk1NWIwYjRkZTY4OWY0YTBlOTY0NDc4OGE0ZTRhZmMzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiZTg1dGZ5MnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.mmTR3im9r9J4dKaFpV2n64KOY9dsuVENrXajckLjgKU; expires=Tue, 05 Dec 2023 14:50:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff32d65f146aab018d23a3500efcbb63
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.usroid.com/wp-content/themes/usroid/assets/js/jquery.js

172.67.74.152

31 kB

URL
cdn.usroid.com/wp-content/themes/usroid/assets/js/jquery.js
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30965 bytes)
Hash
7650f99f9759dab02e618a0e40169343
108add56ede72b6075a2f5de77bb870dc65152cf
e409106a09c4676b55611bc757f5fb2d3e5bd92be5eefbfd53038d0283ef5137

HTTP Headers

GET /wp-content/themes/usroid/assets/js/jquery.js HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:28 GMT
content-type: application/x-javascript
cf-bgj: minify
cf-polished: origSize=85578
cache-control: public, max-age=604800
etag: W/"14e4a-654e0d89-b9343b;;;"
expires: Mon, 27 Nov 2023 13:19:56 GMT
last-modified: Fri, 10 Nov 2023 11:01:29 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2J8R%2FMFhG6ON1N5eZz3NRPbr%2FoaXntnQd5sTK1FFAtUsHcicNA5K1hflCWbNYUOnnZIsZv8uSO1z4j1ExPcyQZBQt3kPkC9ulQ6IIrpY8kGMk4I8xyDa1AtO3H9JaLJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d188c6b9ab51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

173.233.137.36

644 B

URL
pluralpeachy.com/watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=1f0dd0f8e7b926df1c0ea5e68ea25696bd0f7d10f7c63c61ce980c0aa30b4e048f80a007f72936555c63e51373ec70b14087ef06b6a2ea4a30cde68582b228af1c117208118d0fb85dba964184c1661f23c4a09b241fefa5bf1e5b790b2d&pst=1701787829&rmtc=t
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (603)
Size
644 B (644 bytes)
Hash
dd1329d8ee21cd535210b53163aaaeae
1c8905420c11dd90d4343768fa59926821d0c8cf
fe0f7da1780031c214e0a122943af3ddb37634835a719201073a4df9175049fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1210694873871.js?key=293272968864e24360271cd289874c43&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=1f0dd0f8e7b926df1c0ea5e68ea25696bd0f7d10f7c63c61ce980c0aa30b4e048f80a007f72936555c63e51373ec70b14087ef06b6a2ea4a30cde68582b228af1c117208118d0fb85dba964184c1661f23c4a09b241fefa5bf1e5b790b2d&pst=1701787829&rmtc=t HTTP/1.1
Host: pluralpeachy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
Referer: https://www.usroid.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20670241; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDY3MDI0MSwiayI6IjI5MzI3Mjk2ODg2NGUyNDM2MDI3MWNkMjg5ODc0YzQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6ImV6eDk2dmg1M2oiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.irEOLtTeyByn04OtIaIdk7UayFXeJIyW9f09Luti238
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=df630363-3442-447e-bc2b-fabbc32e4028:1:1; expires=Tue, 12 Dec 2023 14:49:30 GMT; secure; SameSite=None
iprc526df37064fad98563c2b1947b8f1799=2717343; expires=Wed, 06 Dec 2023 16:49:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 43a297a0059e92ebbf65df1c69e7bd2a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

173.233.137.60

2.1 kB

URL
edgychancymisuse.com/watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=dfef95a8c9f899e6a29c45ac11fb5e79ee97014261182212f1d0f0ea0eb2ee723d68cfc809c2e3ca7d9b65a12c75bb02116fd5b06bd23beb7290762a70793686b4fa40232b5fbac7a6bcd78ac1ec9ba6c304d67bc3171341207b6d19a492c5&pst=1701787829&rmtc=t
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2644)
Size
2.1 kB (2110 bytes)
Hash
c2afba32303668a51132646a6e92998a
ae5ccf3c6463bdedb609104a0fba9fc9eed42ec6
308be7c4490e1d471a6340fa24788c2cbe4d8a845293d5762e7a86d50432132e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.166478125765.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=dfef95a8c9f899e6a29c45ac11fb5e79ee97014261182212f1d0f0ea0eb2ee723d68cfc809c2e3ca7d9b65a12c75bb02116fd5b06bd23beb7290762a70793686b4fa40232b5fbac7a6bcd78ac1ec9ba6c304d67bc3171341207b6d19a492c5&pst=1701787829&rmtc=t HTTP/1.1
Host: edgychancymisuse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
Referer: https://www.usroid.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20636107; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDYzNjEwNywiayI6Ijk1NWIwYjRkZTY4OWY0YTBlOTY0NDc4OGE0ZTRhZmMzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiZTg1dGZ5MnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.mmTR3im9r9J4dKaFpV2n64KOY9dsuVENrXajckLjgKU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=df630363-3442-447e-bc2b-fabbc32e4028:1:1; expires=Tue, 12 Dec 2023 14:49:30 GMT; secure; SameSite=None
iprcf1d53751213f80ec9da5ac27e51b6773=3569806; expires=Tue, 05 Dec 2023 18:49:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67239434159046ea12b7f6ab054c6528
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

nanhermione.com/watch.555970648710.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=3221ddc2fccedb2c30429e937bd6be0f577fcf53779e31789152d256919540134131bb66c72c685215e5e265e5e2f1bc40387356892a1557063a209b2564ed80dbb8b924d3b4f322cc40b89641fb836a0f12e740ac989ddb361f377fde64&pst=1701787830&rmtc=t

173.233.137.44

2.1 kB

URL
nanhermione.com/watch.555970648710.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=3221ddc2fccedb2c30429e937bd6be0f577fcf53779e31789152d256919540134131bb66c72c685215e5e265e5e2f1bc40387356892a1557063a209b2564ed80dbb8b924d3b4f322cc40b89641fb836a0f12e740ac989ddb361f377fde64&pst=1701787830&rmtc=t
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2655)
Size
2.1 kB (2110 bytes)
Hash
b32b591834f2ff296e3cd75fa1679775
bed41dd1688bade3d2f8478ef56ef8d63cf62520
ad9e39e3a82386365f480464f0eb26152c7aeb6855eb1f7afe7e4a8b9fb16476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.555970648710.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=3221ddc2fccedb2c30429e937bd6be0f577fcf53779e31789152d256919540134131bb66c72c685215e5e265e5e2f1bc40387356892a1557063a209b2564ed80dbb8b924d3b4f322cc40b89641fb836a0f12e740ac989ddb361f377fde64&pst=1701787830&rmtc=t HTTP/1.1
Host: nanhermione.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
Referer: https://www.usroid.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20636107; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDYzNjEwNywiayI6Ijk1NWIwYjRkZTY4OWY0YTBlOTY0NDc4OGE0ZTRhZmMzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiZTg1dGZ5MnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.mmTR3im9r9J4dKaFpV2n64KOY9dsuVENrXajckLjgKU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=df630363-3442-447e-bc2b-fabbc32e4028:1:1; expires=Tue, 12 Dec 2023 14:49:30 GMT; secure; SameSite=None
iprcf1d53751213f80ec9da5ac27e51b6773=3569806; expires=Tue, 05 Dec 2023 18:49:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be2a0f958b54e2d3a51c26de586b0b0c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

192.243.61.225

2.5 kB

URL
rotundfetch.com/watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=130a052c2233304e05baf4a5f1e85d07ba04a13c7257932512fb58988d3a3259e8e6150386e8fab77b1d185b162bdac54d71ed3848e912e51bb93ddd23cc92c35fa9af84d382211a066563788767fe6153b39576f2bb195f65e15e79fb3de8&pst=1701787830&rmtc=t
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (3142)
Size
2.5 kB (2456 bytes)
Hash
1944111c2b0c5ed5f96b0042bc935bee
fee7ddd517dd8bc50dfd05d73078165edf54593f
0340b82dd9aa12af937b0644b3589e430acd855a23ed9b2d7b642636607679c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1583323169498.js?key=955b0b4de689f4a0e9644788a4e4afc3&kw=%5B%22my%22%2C%22boy%22%2C%22%E2%80%93%22%2C%22tr%C3%ACnh%22%2C%22gi%E1%BA%A3%22%2C%22l%E1%BA%ADp%22%2C%22gba%22%2C%222%22%2C%220%22%2C%223%22%2C%22%E2%80%93%22%2C%22%E1%BB%A9ng%22%2C%22d%E1%BB%A5ng%22%2C%22ch%C6%A1i%22%2C%22game%22%2C%22game%22%2C%22boy%22%2C%22advance%22%2C%22%E2%80%93%22%2C%22usroid%22%5D&refer=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&tz=0&dev=e&res=14.3095&uuid=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1&shu=130a052c2233304e05baf4a5f1e85d07ba04a13c7257932512fb58988d3a3259e8e6150386e8fab77b1d185b162bdac54d71ed3848e912e51bb93ddd23cc92c35fa9af84d382211a066563788767fe6153b39576f2bb195f65e15e79fb3de8&pst=1701787830&rmtc=t HTTP/1.1
Host: rotundfetch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
Referer: https://www.usroid.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20636107; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDYzNjEwNywiayI6Ijk1NWIwYjRkZTY4OWY0YTBlOTY0NDc4OGE0ZTRhZmMzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyOTYwMTQ5LCJwaWQiOjEyMzAyMTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiZTg1dGZ5MnEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS92aS9teS1ib3ktZ2JhLWVtdWxhdG9yLyIsImFyIjpbXX19.mmTR3im9r9J4dKaFpV2n64KOY9dsuVENrXajckLjgKU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.usroid.com
Access-Control-Allow-Origin: https://www.usroid.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=df630363-3442-447e-bc2b-fabbc32e4028:1:1; expires=Tue, 12 Dec 2023 14:49:30 GMT; secure; SameSite=None
iprcf97cf2e22e14132dcf2152b1cdd0a69f=2060093; expires=Tue, 19 Dec 2023 14:49:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 06 Dec 2023 14:49:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9179976369b0e4c429869ef169597b78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.usroid.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.74.152

4.7 kB

URL
www.usroid.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.7 kB (4676 bytes)
Hash
9e1ade6ac2aebd7c9676e2a3a8002569
f4ce0206c4f48029d084515a896e99bc8d8dbbed
1fa3b02c057815ea8164dbc408e0efbc2b5f2e7a0112b0c4d1d254f6854fe88d

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=df630363-3442-447e-bc2b-fabbc32e4028%3A1%3A1; wp-wpml_current_language=vi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 05 Dec 2023 14:49:30 GMT
vary: accept-encoding
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BnulqsyAVUpvP5BoJCXViubwWh2LFtw0YCnnFMs8vW9AlZEyKpBICp5uDBkHPQJOk9MgBW5bNHV8cJ2TOLemr62ajj3YuIqLdOHA9ejqSuFJENWh22JLtj1ktwWMUe1q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d189b7e33b51d-OSL
alt-svc: h3=":443"; ma=86400

cdn.usroid.com/wp-content/uploads/my-boy-gba-emulator-logo-217x217.png

172.67.74.152

22 kB

URL
cdn.usroid.com/wp-content/uploads/my-boy-gba-emulator-logo-217x217.png
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
22 kB (22022 bytes)
Hash
8d0ea55e07a56ca19b6faa1b1c00bf95
2ea27be268c8765d95fcf95f604a9da92b5209ac
12e5ae701c98f44663463ef00adc7a9ee86fe9891ddc8ef49f23f7ab56658094

HTTP Headers

GET /wp-content/uploads/my-boy-gba-emulator-logo-217x217.png HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/webp
content-length: 22022
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=33726
content-disposition: inline; filename="my-boy-gba-emulator-logo-217x217.webp"
vary: Accept
cache-control: public, max-age=604800
etag: "83be-654942a7-bad51f;;;"
expires: Tue, 12 Dec 2023 10:04:46 GMT
last-modified: Mon, 06 Nov 2023 19:46:47 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTQKQ3P4v%2BAoXM9Xc8xaEP99Legce0wqsuAV1EtT71c3Hurw0d%2FybSGXCbCznUitkhUPw8jyTJY%2FnTVho0ALBnY7Vlu2B8NnzEffys5mBzz0mrnfTIVDDpgumIyWoz2s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d189c0ec8b51d-OSL
alt-svc: h3=":443"; ma=86400

cdn.usroid.com/wp-content/uploads/1945-classic-arcade-android-logo-60x60.png

172.67.74.152

1.9 kB

URL
cdn.usroid.com/wp-content/uploads/1945-classic-arcade-android-logo-60x60.png
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 60x60, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.9 kB (1900 bytes)
Hash
65c3c7c6cf08bd43514971fe2027f174
d78d1defea25f15035689099da9a27ac4b1954af
2aefdc2ac75481d8247f370e6f356ffeb3f5f355c89296b635e95b56bd3519b9

HTTP Headers

GET /wp-content/uploads/1945-classic-arcade-android-logo-60x60.png HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/webp
content-length: 1900
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=2343
content-disposition: inline; filename="1945-classic-arcade-android-logo-60x60.webp"
vary: Accept
cache-control: public, max-age=604800
etag: "927-6562b048-b93c45;;;"
expires: Sun, 03 Dec 2023 11:11:43 GMT
last-modified: Sun, 26 Nov 2023 02:41:12 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4aMlJXd9oDEx3XDXS6PNVccLRyoAKPjkecuBTSernTwWqt2v6ktLuif1ygYGgyUYW1MTHnG3WuKxArD3fTybZerE9kbpzfy2xlt%2BBQuGZ7bE9kBraM7jDJk3ew4cmtzy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d189c0ed1b51d-OSL
alt-svc: h3=":443"; ma=86400

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WCQBDK7SM6&cid=1599096542.1701787776&gtm=45je3bt0v876672936&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1518933936

142.250.74.67

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WCQBDK7SM6&cid=1599096542.1701787776&gtm=45je3bt0v876672936&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1518933936
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WCQBDK7SM6&cid=1599096542.1701787776&gtm=45je3bt0v876672936&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1518933936 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 14:49:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.usroid.com/wp-content/uploads/2020/05/Miniclip_Cover.jpg

172.67.74.152

4.2 kB

URL
cdn.usroid.com/wp-content/uploads/2020/05/Miniclip_Cover.jpg
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 229x126, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.2 kB (4166 bytes)
Hash
1f3809e8e520b25aed489b5c863c3bca
a3e86007540384b1f7fce09742f6355d60c2400c
060b8a6235e7fe55b5c68da71efb31a862d7e1c693d1f2cd2f62b1ed3cafbc71

HTTP Headers

GET /wp-content/uploads/2020/05/Miniclip_Cover.jpg HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Cookie: _ga_WCQBDK7SM6=GS1.1.1701787776.1.0.1701787776.60.0.0; _ga=GA1.1.1599096542.1701787776; cf_clearance=S97cHcsBshcu4WiGb7unkS1hAG_9UHOKEN5QVQbHt.E-1701787770-0-1-730ca2d2.73a07051.5b213570-0.2.1701787770
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/webp
content-length: 4166
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=7274
content-disposition: inline; filename="Miniclip_Cover.webp"
vary: Accept
cache-control: public, max-age=604800
etag: "1c6a-654942c4-bbcb87;;;"
expires: Mon, 27 Nov 2023 13:20:02 GMT
last-modified: Mon, 06 Nov 2023 19:47:16 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYzlVc1pLyDS4CFgEfcne7hAIyAuNbC%2B1x2jnMnGKhztaeMzC6vTxB001F%2BTHDVQdtRx%2B0M7Q%2FnmpIgLMW%2FlqfXAvQJiOCzVWut512HVp1mduHdjp%2F0SJDoWAWCvbOEl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d189eda39b51d-OSL
alt-svc: h3=":443"; ma=86400

cdn.usroid.com/wp-content/uploads/2020/05/gameloft-logo.png

172.67.74.152

52 kB

URL
cdn.usroid.com/wp-content/uploads/2020/05/gameloft-logo.png
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
52 kB (51670 bytes)
Hash
efda3a23b6afb0c2606480e4c5710f5a
a3dd7858a089d4939f73e40d4872580591cd1839
e473a3d4e4157f46dbaa916e4acbdb68de2fefc71988ff1089ba842958c7cf81

HTTP Headers

GET /wp-content/uploads/2020/05/gameloft-logo.png HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Cookie: _ga_WCQBDK7SM6=GS1.1.1701787776.1.0.1701787776.60.0.0; _ga=GA1.1.1599096542.1701787776; cf_clearance=S97cHcsBshcu4WiGb7unkS1hAG_9UHOKEN5QVQbHt.E-1701787770-0-1-730ca2d2.73a07051.5b213570-0.2.1701787770
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/webp
content-length: 51670
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=71162
content-disposition: inline; filename="gameloft-logo.webp"
vary: Accept
cache-control: public, max-age=604800
etag: "115fa-654942bd-bb79c0;;;"
expires: Mon, 27 Nov 2023 13:20:00 GMT
last-modified: Mon, 06 Nov 2023 19:47:09 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vCCPxssEGjoMUuoLptXPqg2HdzPeT8%2FM4F%2Bg5qlIOe6v0nDm8bz0CQXQAY27qzwXdcmVgvn%2FnVyT%2BFoLuXUOy7Vl4WHUYAoS7wo0xmbLoHkJjEDixRWRSQ22nk8q%2F3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d189eda30b51d-OSL
alt-svc: h3=":443"; ma=86400

region1.analytics.google.com/g/collect?v=2&tid=G-WCQBDK7SM6&gtm=45je3bt0v876672936&_p=1701787775784&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1599096542.1701787776&ul=en-us&sr=1280x1024&_s=1&sid=1701787776&sct=1&seg=0&dl=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&dt=My%20Boy!%20%E2%80%93%20Tr%C3%ACnh%20gi%E1%BA%A3%20l%E1%BA%ADp%20GBA%202.0.3%20%E2%80%93%20%E1%BB%A8ng%20d%E1%BB%A5ng%20ch%C6%A1i%20game%20Game%20Boy%20Advance!%20%E2%80%93%20Usroid&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3859

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-WCQBDK7SM6&gtm=45je3bt0v876672936&_p=1701787775784&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1599096542.1701787776&ul=en-us&sr=1280x1024&_s=1&sid=1701787776&sct=1&seg=0&dl=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&dt=My%20Boy!%20%E2%80%93%20Tr%C3%ACnh%20gi%E1%BA%A3%20l%E1%BA%ADp%20GBA%202.0.3%20%E2%80%93%20%E1%BB%A8ng%20d%E1%BB%A5ng%20ch%C6%A1i%20game%20Game%20Boy%20Advance!%20%E2%80%93%20Usroid&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3859
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-WCQBDK7SM6&gtm=45je3bt0v876672936&_p=1701787775784&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1599096542.1701787776&ul=en-us&sr=1280x1024&_s=1&sid=1701787776&sct=1&seg=0&dl=https%3A%2F%2Fwww.usroid.com%2Fvi%2Fmy-boy-gba-emulator%2F&dt=My%20Boy!%20%E2%80%93%20Tr%C3%ACnh%20gi%E1%BA%A3%20l%E1%BA%ADp%20GBA%202.0.3%20%E2%80%93%20%E1%BB%A8ng%20d%E1%BB%A5ng%20ch%C6%A1i%20game%20Game%20Boy%20Advance!%20%E2%80%93%20Usroid&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3859 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.usroid.com
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.usroid.com
date: Tue, 05 Dec 2023 14:49:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

144 kB

URL
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Thu, 07 Dec 2023 14:49:30 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

144 kB

URL
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:30 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Thu, 07 Dec 2023 14:49:30 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.usroid.com/wp-content/litespeed/js/9c207495cea19da5628c5c989931c7ac.js?ver=1c7ac

172.67.74.152

141 kB

URL
cdn.usroid.com/wp-content/litespeed/js/9c207495cea19da5628c5c989931c7ac.js?ver=1c7ac
IP
172.67.74.152:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65457)
Size
141 kB (140964 bytes)
Hash
1e0d2d5bb8e341fcfe2d8ad3b826af82
96835013b51d3c87a80c7222bf74d2439de83f10
09bb968db59ba488858a33f237a1e4e221aa08defa599276bfee99dc4d58136c

HTTP Headers

GET /wp-content/litespeed/js/9c207495cea19da5628c5c989931c7ac.js?ver=1c7ac HTTP/1.1
Host: cdn.usroid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 14:49:28 GMT
content-type: application/x-javascript
cf-bgj: minify
cf-polished: origSize=194448
cache-control: public, max-age=604800
etag: W/"2f790-656dc43c-bd002a;;;"
expires: Mon, 11 Dec 2023 12:21:16 GMT
last-modified: Mon, 04 Dec 2023 12:21:16 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zzc%2FW0i9RfbSD4kfKil2WSLEd0FH9t1nQsWR%2FcIHFGrwK3xpKftmKBQAvbDTXtkWtbY8WzA%2B4Be3ZtD%2BGWy%2FcESz0RMtydMtCJkvoorEB3Zq4%2F4i8JPCNLIX20328JD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d188c6b9bb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20670241

173.233.139.164

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20670241
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (484)
Size
1.4 kB (1393 bytes)
Hash
1a23a6ae262eeff276602274ddfef42a
10e08b58746735cf86975bed3be042a2c53151ec
52e91f905697eba3117fd1e06b68637fd22c3b610e2bb46ef01ec6b75873a2f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20670241 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.usroid.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Wed, 06 Dec 2023 14:49:31 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjA2NzAyNDEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS8iLCJhciI6W119fQ.1KPf5gdFbsPM4MyyvfeZBC95Usg9AATAykNSA3UtRco; expires=Tue, 05 Dec 2023 14:50:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 85bf5c61785e9eaeb178386ed741fe6f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNjcwMjQxJnBzdD0xNzAxNzg3ODMxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd3d3LnVzcm9pZC5jb20lMkYmcm10Yz10JnNodT04ODJmZWZkZmMzZTIzZTk5Yjk2NGU4OTU2NDA4NTY1ZDNjNzQ5NGU4NGYxNTExNmQ2ZTViNzVhNTI2MTU5NTlkMmZkNmFlNjQ1YjgxNDA3MDVmZTIwOWI5ZjQ0ODhiM2JiMzkyMGRhOTZkODhkYTIyZTM2MmNiOGVmM2YwZDc1MjM4Njg5MjQwYzg4NGZjZDhjNWMyYTc4NjNiYzI2ODdjODk5MjVjNTc0YzBkZDRlNWE0MDVjM2YzNzI5ZTBlYjhjMg%3D%3D&uuid=&pii=&in=false

173.233.137.44

302 Found

0 B

URL User Request GET HTTP/1.1
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNjcwMjQxJnBzdD0xNzAxNzg3ODMxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd3d3LnVzcm9pZC5jb20lMkYmcm10Yz10JnNodT04ODJmZWZkZmMzZTIzZTk5Yjk2NGU4OTU2NDA4NTY1ZDNjNzQ5NGU4NGYxNTExNmQ2ZTViNzVhNTI2MTU5NTlkMmZkNmFlNjQ1YjgxNDA3MDVmZTIwOWI5ZjQ0ODhiM2JiMzkyMGRhOTZkODhkYTIyZTM2MmNiOGVmM2YwZDc1MjM4Njg5MjQwYzg4NGZjZDhjNWMyYTc4NjNiYzI2ODdjODk5MjVjNTc0YzBkZDRlNWE0MDVjM2YzNzI5ZTBlYjhjMg%3D%3D&uuid=&pii=&in=false
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectconqueredallrightswell.com
Fingerprint9E:C2:75:0A:08:52:CB:97:0C:C6:54:67:5E:6F:7F:C9:D8:00:28:1C
ValidityTue, 14 Nov 2023 16:14:39 GMT - Mon, 12 Feb 2024 16:14:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwNjcwMjQxJnBzdD0xNzAxNzg3ODMxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd3d3LnVzcm9pZC5jb20lMkYmcm10Yz10JnNodT04ODJmZWZkZmMzZTIzZTk5Yjk2NGU4OTU2NDA4NTY1ZDNjNzQ5NGU4NGYxNTExNmQ2ZTViNzVhNTI2MTU5NTlkMmZkNmFlNjQ1YjgxNDA3MDVmZTIwOWI5ZjQ0ODhiM2JiMzkyMGRhOTZkODhkYTIyZTM2MmNiOGVmM2YwZDc1MjM4Njg5MjQwYzg4NGZjZDhjNWMyYTc4NjNiYzI2ODdjODk5MjVjNTc0YzBkZDRlNWE0MDVjM2YzNzI5ZTBlYjhjMg%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjA2NzAyNDEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cudXNyb2lkLmNvbS8iLCJhciI6W119fQ.1KPf5gdFbsPM4MyyvfeZBC95Usg9AATAykNSA3UtRco; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 14:49:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Wed, 06 Dec 2023 14:49:31 GMT
uncs=1; expires=Wed, 06 Dec 2023 14:49:31 GMT
pdhtkv28=true; expires=Wed, 06 Dec 2023 14:49:31 GMT
uncs28=1; expires=Wed, 06 Dec 2023 14:49:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b38436edaea95a47169e8907707d69b
Strict-Transport-Security: max-age=0; includeSubdomains

adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660

13.107.213.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; domain=.unibet.com; expires=Thu, 05-Dec-3022 14:49:32 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0fDhvZQAAAAA31CPU6YQxTp7kNRONF0DLU1ZHMjBFREdFMDYyMQAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Tue, 05 Dec 2023 14:49:31 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 14:49:32 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node03k3frcgvy3x8k0nfkcsnh1zt143581.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 14:49:32 GMT; Max-Age=63072000; Secure
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 14:49:32 GMT; Max-Age=63072000; Secure
uniattr_ref="https://conqueredallrightswell.com/"; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 14:49:32 GMT; Max-Age=63072000; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affiliateId=1; Path=/; Domain=.unibet.com; Secure
B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; Path=/; Domain=.unibet.com; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BID=37950; Path=/; Domain=.unibet.com; Secure
PID=68246908; Path=/; Domain=.unibet.com; Secure
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; Path=/; Domain=.unibet.com; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.com; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://conqueredallrightswell.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Tue, 05 Dec 2023 14:49:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9C341BF142D743958343D1FFAA70A316&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 14:49:32 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Tue, 05 Dec 2023 14:49:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

104.18.43.104

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 05 Dec 2023 14:49:32 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18abef4e5685-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.74

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 12:53:33 GMT
expires: Wed, 04 Dec 2024 12:53:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 6959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

304 Not Modified

0 B

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 304 Not Modified
date: Tue, 05 Dec 2023 14:49:32 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

304 Not Modified

0 B

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316; clientId=polopoly_desktop
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 304 Not Modified
date: Tue, 05 Dec 2023 14:49:33 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg

104.18.43.104

200 OK

99 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Size
99 kB (98979 bytes)
Hash
678df4d8ef9b4aa957e5433dd94fb7e4
fd8a4109a2f00c19679f25d18be017541ff6fea5
bdbca379909a5f57b65b90094901804655f8cd82c05312a754320b7ae30c5187

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abef485685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 479505
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

104.18.43.104

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 05 Dec 2023 14:49:33 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18ad79275685-OSL
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

104.18.43.104

200 OK

11 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 830d18ad894a5685-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 477266
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

83 kB

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
gzip compressed data\012- data
Size
83 kB (82903 bytes)
Hash
e4ad4d5eb10dae22218451d122391b5e
2fd11887fd8d9154db716abe6a35ae92f51063ed
1a2f2dd093f6b632ec2b10bd407fa22e72a31040104fc210ce9b6c4de633d785

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: text/html;charset=utf-8
x-request-id: 945f4815e4cc5cd32ed5dbba775c8783
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 14:49:54 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 467519
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:43:41 GMT
expires: Wed, 04 Dec 2024 04:43:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 36352
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.140.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1238559
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GK79ji8JKiPsv4xisXNqUmc%2BmMgoER%2FFDj6vq%2FqICMT5ozqn0m9kYXUyrK3abqTq9ykev9IkBFNVWeIZy9BRDd2wJsUAvQIt0MLN8r07GPyD%2BnCSqM5HUC4TeF%2FHi8OYh6DGmf6i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d18adaad952ab-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 493960
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg

104.18.43.104

200 OK

1.1 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Size
1.1 kB (1066 bytes)
Hash
72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abef415685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 475883
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

104.16.80.126

200 OK

25 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
104.16.80.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 219
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18b0ce7f56c1-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

104.18.43.104

200 OK

5.7 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Size
5.7 kB (5740 bytes)
Hash
e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abdf3e5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 467344
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

104.18.43.104

200 OK

98 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 830d18ad793a5685-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 378618
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico

104.18.43.104

200 OK

421 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
421 B (421 bytes)
Hash
ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed

HTTP Headers

GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: image/x-icon
cf-ray: 830d18ae7a5d5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 549429
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg

104.18.43.104

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Size
13 kB (12666 bytes)
Hash
7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abdf3b5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 471647
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.28

200 OK

74 kB

URL GET HTTP/2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=BLP.1.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 14:00:57 GMT
vary: Accept-Encoding
etag: W/"656ddb99-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

142.250.74.106

200 OK

6.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (6530), with no line terminators
Size
6.4 kB (6362 bytes)
Hash
feddc562097e437af08febef83792dbe
4d1d430f50e555657f1a135bcf655877597b38ca
284e88ea80c2a259fedfeb2cd060bd55616e22a73693c779061741385239c46b

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 14:49:32 GMT
date: Tue, 05 Dec 2023 14:49:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

104.18.43.104

200 OK

32 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
32 kB (31807 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abef515685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 549575
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

104.18.43.104

200 OK

3.2 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Size
3.2 kB (3207 bytes)
Hash
910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abdf2d5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 555924
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg

104.18.43.104

200 OK

807 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Size
807 B (807 bytes)
Hash
f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda

HTTP Headers

GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abdf305685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 549499
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg

104.16.80.126

200 OK

1.1 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
104.16.80.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1053 bytes)
Hash
8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872

HTTP Headers

GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 351
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18b0ae6856c1-OSL
content-encoding: br
X-Firefox-Spdy: h2

bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no

104.40.147.180

200 OK

4.7 kB

URL GET HTTP/2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
104.40.147.180:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0

HTTP Headers

GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 05 Dec 2023 14:49:32 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

welcome.unibet.com/widget/betslip/betslip.js

104.18.43.104

200 OK

15 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
15 kB (14810 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d18ad28e15685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 369952
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.140.13

200 OK

54 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54456), with no line terminators
Size
54 kB (54456 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1059440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3gkdg4uehq2yO3b%2FPVBvpEsrblslAiUcvmJGOEVO27iZY0sgzxaBcfUC1AtAPdaCZqzXubS4qC1vZYgJswPYvCzp8dRBfuo48pe9YbTqk%2FUt0DznaSbH6zoU9dSAQiUW8Rfmwdj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d18ac79ed52ab-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

104.18.43.104

200 OK

16 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
16 kB (15888 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abdf315685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 383819
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

104.18.43.104

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Size
1.5 kB (1481 bytes)
Hash
49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: image/svg+xml
cf-ray: 830d18abef4a5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 370870
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

104.16.80.126

200 OK

4.9 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
104.16.80.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:33 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 143
vary: Accept-Encoding
server: cloudflare
cf-ray: 830d18b0ae6256c1-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

104.18.43.104

200 OK

22 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
22 kB (22452 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: text/css; charset=utf-8
cf-ray: 830d18abcf155685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 464492
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/custom.js

104.18.43.104

200 OK

5.9 kB

URL GET HTTP/2
welcome.unibet.com/custom.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (6078), with no line terminators
Size
5.9 kB (5881 bytes)
Hash
f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: application/javascript
cf-ray: 830d18abdf2a5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 477360
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

104.18.43.104

200 OK

5.4 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, ASCII text, with very long lines (5609), with no line terminators
Size
5.4 kB (5424 bytes)
Hash
41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d18abdf285685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 381161
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

104.18.43.104

200 OK

4.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Size
4.5 kB (4514 bytes)
Hash
cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210670257589%7c1%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_9C341BF142D743958343D1FFAA70A316
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830d18abcf1f5685-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 286614
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

200 OK

192 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
192 kB (192188 bytes)
Hash
b0b4175cf14760a93648ab9e369691d7
d3b79412060af66ad5bd72ea25369c32b3ae660d
b9911b8bf9f2f33346cf4c46a52ca05130755b370396d5fd93a6390a4629c7f8

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 14:49:33 GMT
expires: Tue, 05 Dec 2023 14:49:33 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908

104.18.43.104

200 OK

17 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_9C341BF142D743958343D1FFAA70A316&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701787772142)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251449%22%7d%5d; __ucbt=node03k3frcgvy3x8k0nfkcsnh1zt1; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_9C341BF142D743958343D1FFAA70A316; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9C341BF142D743958343D1FFAA70A316%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 14:49:32 GMT
content-type: text/html; charset=utf-8
cf-ray: 830d18a9ecc55685-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: eabf2cc3-101e-0040-428a-27153a000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_9C341BF142D743958343D1FFAA70A316;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations