Report - userdatadane88.s3-website-us-east-1.amazonaws.com/irobot-roomba-quick-start-guide.html

Report Overview

Visited public
2023-12-02 10:47:13
Tags
URL
userdatadane88.s3-website-us-east-1.amazonaws.com/irobot-roomba-quick-start-guide.html
Finishing URL
www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
IP / ASN
54.231.228.109
#0
Title

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-02 05:10:02	2.7 kB	96 kB	104.17.24.14
i2.wp.com	5618	1997-03-28	2017-01-30 06:03:40	2023-12-02 05:31:17	3.2 kB	443 kB	192.0.77.2
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-12-02 10:34:02	350 B	942 B	143.204.53.97
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-02 07:17:09	453 B	76 kB	142.250.74.138
cdn.bannerflow.com	23819	2008-06-03	2018-02-22 13:57:21	2023-12-01 19:43:42	983 B	31 kB	0.0.0.0
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-11-29 05:29:33	2.7 kB	4.5 kB	192.243.59.20
www.toprevenuegate.com	unknown	2023-10-20	2023-10-23 18:22:31	2023-12-01 05:31:13	1.8 kB	947 B	173.233.137.36
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-02 08:02:56	445 B	31 kB	142.250.74.138
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-02 05:09:04	490 B	1.5 kB	151.101.1.229
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-02 05:19:04	509 B	455 B	18.157.203.0
vvfal.rigelbetelgeuse.top	unknown	2023-05-11	2023-05-11 14:25:20	2023-11-28 09:13:44	608 B	1.0 kB	172.67.205.133
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-01 06:35:23	1.4 kB	2.0 kB	85.184.96.5
cdn.statically.io	10364	2019-05-05	2019-05-15 10:32:51	2023-12-01 06:26:45	1.9 kB	4.9 kB	151.101.65.91
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-02 06:23:17	1.4 kB	32 kB	142.250.74.35
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-02 05:17:42	483 B	111 kB	172.64.140.13
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-01 06:35:22	591 B	19 kB	13.107.213.53
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-02 07:24:06	1.1 kB	33 kB	216.58.207.227
a.veinmaster.top	unknown	2023-11-23	2023-11-24 09:28:59	2023-12-01 13:52:16	3.7 kB	44 kB	104.21.3.144
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-01 22:19:58	2.8 kB	5.8 kB	85.184.96.28
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-01 13:52:19	1.4 kB	1.7 kB	85.184.96.5
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-01 11:51:43	19 kB	194 kB	172.64.144.152
userdatadane88.s3-website-us-east-1.amazonaws.com	unknown	unknown	No data	No data	1.2 kB	55 kB	52.217.228.93
tse1.mm.bing.net	7917	1997-09-03	2014-03-13 15:42:52	2023-12-01 19:04:09	5.7 kB	100 kB	204.79.197.200
nationhandbook.com	unknown	2023-11-28	2023-11-28 12:44:59	2023-11-28 18:43:51	2.9 kB	4.6 kB	192.243.61.227
violationphysics.click	unknown	2023-02-10	2023-02-11 18:32:06	2023-12-01 09:03:21	926 B	601 B	192.64.81.118
vvfal.veinmaster.top	unknown	2023-11-23	2023-11-26 13:21:34	2023-11-30 01:15:05	2.0 kB	16 kB	104.21.3.144
1.bp.blogspot.com	8403	2000-07-31	2012-05-21 15:44:19	2023-12-01 21:36:02	1.1 kB	31 kB	142.250.74.161
propositionpower.com	692002	2021-10-14	2021-10-14 15:23:58	2023-11-15 22:08:40	401 B	12 kB	173.233.137.44
cdnstatic.veinmaster.top	unknown	2023-11-23	2023-11-26 05:26:39	2023-12-01 13:52:16	519 B	10 kB	104.21.3.144

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-02 10:47:09	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-02	medium	nationhandbook.com	Sinkholed
2023-12-02	medium	nationhandbook.com	Sinkholed
2023-12-02	medium	conqueredallrightswell.com	Sinkholed
2023-12-02	medium	conqueredallrightswell.com	Sinkholed
2023-12-02	medium	toprevenuegate.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	welcome.unibet.com/widget/betslip/betslip.js	ScriptElement	15 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5796 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-02	2023-12-03
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 09:24 Last Seen2023-12-03 09:02 Times Seen17 Hash 422ecd3802e05c506d969d789fc58db2 d1ee77bd95bf2079e68393c86d5825466a75a509 99ee9f2740080ba68338e1b3bfc43c30f0cac67e8fedddc90a98689163930f0e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#2 Eval - 6019077ef260ec8f7a1fc8d2255c99b9	471 B	2024-08-20 17:04	2024-08-20 17:04
Pretty Observations First Seen2024-08-20 17:04 Last Seen2024-08-20 17:04 Times Seen1 Hash 6019077ef260ec8f7a1fc8d2255c99b9 07dbe3bbbcd8209135742fa98327e104d1756a8f 5deb5365fcae2de67c4a9112db0eb7e7d0888096c74f1937c62558533d6ae0a0 Loading...

		Size	First Seen	Last Seen
	#1 Write - 75874a60b7840747f503fc0df985402b	988 B	2023-10-27 14:07	2024-08-20 22:13
Pretty Observations First Seen2023-10-27 14:07 Last Seen2024-08-20 22:13 Times Seen9 Hash 75874a60b7840747f503fc0df985402b bcc4ae95d8fb798c470deb3008f9e2133bfaa8e1 8679aaef25a4611ede578684d59cc15462e3c6c02dde41a0b2babe41e284ef52 Loading...

	#2 Write - b58d3207503b2255a1dcadc5f1c0cc45	117 B	2023-10-27 14:07	2024-08-20 22:13
Pretty Observations First Seen2023-10-27 14:07 Last Seen2024-08-20 22:13 Times Seen3 Hash b58d3207503b2255a1dcadc5f1c0cc45 dc2f9f20c3924edc0c94937a85be62f9073d1e5d 841c4ac1cd50dfc28946740fe1a258ee7a1a09e0c1c1228484dc94fea9ed30c8 Loading...

	#3 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (79)

URL IP Response Size

userdatadane88.s3-website-us-east-1.amazonaws.com/

52.217.228.93

29 kB

URL
userdatadane88.s3-website-us-east-1.amazonaws.com/
IP
52.217.228.93:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2110), with CRLF, LF line terminators
Size
29 kB (28671 bytes)
Hash
ec1b484040ce8f4da587b957718ece52
d37c02622a7491f6200091983b3158bf406eb530
9f4a3c22a80f18fe730bc27b7ba5da432005c254dd8cef7643fd13f2ea80dd6c

HTTP Headers

GET / HTTP/1.1
Host: userdatadane88.s3-website-us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: QtbivF1PAqv1Uyk8ErYhETx5+IoRlxM0IXbqH7GfRhQRLVNqUIJ6emlnEuEBFWRJmBPPj1MeXn4=
x-amz-request-id: PSAEZC7AW6HEDFZF
Date: Sat, 02 Dec 2023 10:46:59 GMT
Last-Modified: Fri, 18 Aug 2023 06:10:44 GMT
ETag: "ec1b484040ce8f4da587b957718ece52"
Content-Type: text/html
Server: AmazonS3
Content-Length: 28671

userdatadane88.s3-website-us-east-1.amazonaws.com/irobot-roomba-quick-start-guide.html

52.216.76.171

24 kB

URL
userdatadane88.s3-website-us-east-1.amazonaws.com/irobot-roomba-quick-start-guide.html
IP
52.216.76.171:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6889), with CRLF line terminators
Size
24 kB (24534 bytes)
Hash
198018acd7bd2f287aef73b097587a12
d76633a9c54915c315deb6c032e4fdb020929e31
16b24d358960ff77a174fe88b74b870c72e452cce5de4073e1c16a747707735e

HTTP Headers

GET /irobot-roomba-quick-start-guide.html HTTP/1.1
Host: userdatadane88.s3-website-us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: hWDxcsvyauKqGXvC6zJxYdUg7T7jRvPDwMtV/wAnNI8NGE1beW8hZKckswc9C7xVVooPeTlGe2g=
x-amz-request-id: PSA3XVNRHK5YD6RE
Date: Sat, 02 Dec 2023 10:46:59 GMT
Last-Modified: Fri, 18 Aug 2023 06:11:43 GMT
ETag: "198018acd7bd2f287aef73b097587a12"
Content-Type: text/html
Server: AmazonS3
Content-Length: 24534

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/css/bootstrap.min.css

104.17.24.14

18 kB

URL
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/css/bootstrap.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65326)
Size
18 kB (17725 bytes)
Hash
d44328cee87c2b405213893ba35eaf78
1fb83fc595cf28bf9362d87610eadfa3b7bbbe59
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.6.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:46:58 GMT
content-type: text/css; charset=utf-8
content-length: 17725
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "617ac9de-453d"
last-modified: Thu, 28 Oct 2021 16:03:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 548175
expires: Thu, 21 Nov 2024 10:46:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30jSaMkO4CVN7%2FBwc9nC35RjUJfOWWksCTWmlWTbGytYXPe68Sz3LpFtLvUr5KiX8%2F%2F9z1z4uYOZknyMfPp4ve1HHd5UWgdOJTzamuOMRxWGHxr9RzdTjznvWY5psePbMqvtPGiT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f2fd3a994356ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.24.14

3.2 kB

URL
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:46:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 801415
expires: Thu, 21 Nov 2024 10:46:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pocqyipc8eijsnAEFaSGOsIqf4egehhLYb3A%2B5vCzJd4%2FENXNxF0xudPfqW%2ByLBiW4xMW5L%2FMTGPdQCLv0l%2FYup1o2nfQoGAc5yKMCUX%2F5ydKLnjvYlYYdM5IUq42CBvmytPDw58"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f2fd3a994456ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.24.14

22 kB

URL
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:46:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 374292
expires: Thu, 21 Nov 2024 10:46:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cU3rpXA4XoRBfWRu%2Bo708vbIjNzx2J5xQ5OWIN72PJtmnYeELCL5Uhi%2BleIhnk0BPkc0ZNH43by18FmWrjQMdPOxEnr%2FmCPjp8k85yaPKspCL1Bf2f6ePSabjPeN5rzp9yPLtZus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f2fd3a994556ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js

104.17.24.14

19 kB

URL
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65299)
Size
19 kB (19418 bytes)
Hash
90146f01d8a2028ed6f2c3d2fba4ac9b
0363cb58b7a7b60ef7fbf82b8bceb6305232501a
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.6.1/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:46:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 19418
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "617ac9de-4bda"
last-modified: Thu, 28 Oct 2021 16:03:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 548229
expires: Thu, 21 Nov 2024 10:46:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RX5vUlUQir8FTuGNZe2UFDTv7EwCchuNoR1s8ByUrg2Cgqf7i%2FEA%2BcadBxPyHLy6kZqhbUtCo%2BSJN37n5pfF%2FV1AhHwMUbHFXl6c5AMRhXFTtNGbWqEumG5cgfS6GgQhPdUzaAR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f2fd3aa94b56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

28 kB

URL
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:46:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 621717
expires: Thu, 21 Nov 2024 10:46:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l4fIkVEUYiAATTt6tyhXeSqy7x9WLI4DDme1UrSCHNL4GLb0qWCxbDWr%2BExrMh58JGsdUts%2BnZwFGoaMqvLfAhdLVIjBtnpNmaOCsMKl3yPGfeHxkcb0NK6zQK401vAWBSyFXAGY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f2fd3ae98256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/vyantagc/vyantagc/popme-style.min.css

151.101.1.229

728 B

URL
cdn.jsdelivr.net/gh/vyantagc/vyantagc/popme-style.min.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (1779)
Size
728 B (728 bytes)
Hash
41981e365b3ca24070c3c3a3f9d4ccdd
a260a4479847ebd1318a45ca01714fdf5381044f
d7b7f372d890aa0238e9c8449ac9eefdee7a0d890d082c432bbb9686820bcdcd

HTTP Headers

GET /gh/vyantagc/vyantagc/popme-style.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"6f4-omCkR5hH69ExikXKAXFP31OBBE8"
content-encoding: br
accept-ranges: bytes
date: Sat, 02 Dec 2023 10:46:59 GMT
age: 35868
x-served-by: cache-fra-eddf8230108-FRA, cache-bma1642-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 728
X-Firefox-Spdy: h2

cdn.statically.io/gh/luqmanhakim721/js/main/stats2.js

151.101.65.91

280 B

URL
cdn.statically.io/gh/luqmanhakim721/js/main/stats2.js
IP
151.101.65.91:0
ASN
#54113 FASTLY

File type
ASCII text
Size
280 B (280 bytes)
Hash
193cef818f5a62d694b4296fda987d1e
23751877d25dd3905338628c03d827d691533b7a
298e7156b0bd2bad7116a35aa02a09c7d8c4ebe8f907d4cbdaed93f56d7c8e87

HTTP Headers

GET /gh/luqmanhakim721/js/main/stats2.js HTTP/1.1
Host: cdn.statically.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: br
access-control-allow-origin: *
access-control-expose-headers: *
age: 30443
cache-control: public, max-age=86400
content-type: application/javascript; charset=utf-8
date: Sat, 02 Dec 2023 10:46:59 GMT
etag: W/"6cde47b851ba6a7bad3f4ee46de50c4f44d3f11934abbbe3eacf9517d85b0274"
server: statically
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT, HIT
x-content-type-options: nosniff
x-served-by: cache-sjc10066-SJC, cache-bma1663-BMA
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 280
X-Firefox-Spdy: h2

cdn.statically.io/gh/luqmanhakim721/js/main/footer3.js

151.101.65.91

6 B

URL
cdn.statically.io/gh/luqmanhakim721/js/main/footer3.js
IP
151.101.65.91:0
ASN
#54113 FASTLY

File type
very short file (no magic)
Size
6 B (6 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /gh/luqmanhakim721/js/main/footer3.js HTTP/1.1
Host: cdn.statically.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: br
access-control-allow-origin: *
access-control-expose-headers: *
age: 34752
cache-control: public, max-age=86400
content-type: application/javascript; charset=utf-8
date: Sat, 02 Dec 2023 10:46:59 GMT
etag: "168c5d2e04f954ab0b60174efafb64796dd3683e7f11b684d66941ede8511cda"
server: statically
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT, HIT
x-content-type-options: nosniff
x-served-by: cache-sjc10038-SJC, cache-bma1663-BMA
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6
X-Firefox-Spdy: h2

cdn.statically.io/gh/luqmanhakim721/js/main/footer.js

151.101.65.91

1.2 kB

URL
cdn.statically.io/gh/luqmanhakim721/js/main/footer.js
IP
151.101.65.91:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (586)
Size
1.2 kB (1244 bytes)
Hash
104a32c78c78c9ecd0393cf1c84b8e03
af9d2605068a1385ff11006b103848120deda512
117c310730df71e2c4a11903906051cd50e0e34995164150addd165edd477672

HTTP Headers

GET /gh/luqmanhakim721/js/main/footer.js HTTP/1.1
Host: cdn.statically.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: br
access-control-allow-origin: *
access-control-expose-headers: *
age: 70459
cache-control: public, max-age=86400
content-type: application/javascript; charset=utf-8
date: Sat, 02 Dec 2023 10:46:59 GMT
etag: W/"7d04f1e0f99e926a6b1ee250b0e2cc7361f341a8c28a8ab1aa493ac0daa34450"
server: statically
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT, HIT
x-content-type-options: nosniff
x-served-by: cache-sjc10038-SJC, cache-bma1663-BMA
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1244
X-Firefox-Spdy: h2

cdn.statically.io/gh/luqmanhakim721/js/main/social.js

151.101.65.91

671 B

URL
cdn.statically.io/gh/luqmanhakim721/js/main/social.js
IP
151.101.65.91:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (634)
Size
671 B (671 bytes)
Hash
52074b85c33415ffb87271b9945a4c6b
7fe3e5e64df2a79555c5b4cdcbd4726d8fdb807c
e11b7fe656ac69cc8afe7dc244cd05ca3f0d18143e73a113dccf81440c1512fd

HTTP Headers

GET /gh/luqmanhakim721/js/main/social.js HTTP/1.1
Host: cdn.statically.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: br
access-control-allow-origin: *
access-control-expose-headers: *
age: 2236
cache-control: public, max-age=86400
content-type: application/javascript; charset=utf-8
date: Sat, 02 Dec 2023 10:46:59 GMT
etag: W/"a907377582135a056368a5d932896c7cf94809ffaed961b8697e132608c2f290"
server: statically
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT, HIT
x-content-type-options: nosniff
x-served-by: cache-sjc10067-SJC, cache-bma1663-BMA
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 671
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=kohler%20carburetor%20reference%20manual&w=50&h=50&c=7

204.79.197.200

1.6 kB

URL
tse1.mm.bing.net/th?q=kohler%20carburetor%20reference%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.6 kB (1615 bytes)
Hash
e24e9901475454ecadf827ebec95e47d
722ced38fbb74e9bc4147f365ce895155d10131a
f04540eb8b11c178579579eff26e4bbdfe14ef6a76d2b579e315cdb959a8b138

HTTP Headers

GET /th?q=kohler%20carburetor%20reference%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1615
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6676D912519E4EBB8A9EF46F9B15D3F4 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=infinity%20box%20wiring&w=50&h=50&c=7

204.79.197.200

1.8 kB

URL
tse1.mm.bing.net/th?q=infinity%20box%20wiring&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.8 kB (1777 bytes)
Hash
6a3486de09c0a49c5df6d1a9d17c4f8f
5772638f0e7a926337e031ce00abaedb35414a0a
d69dd58ba8ac44062651347ad9ad0334145c8d9e27549d06e32d0040d92c1763

HTTP Headers

GET /th?q=infinity%20box%20wiring&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1777
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8736AF5C23664DA482F37F76C02695BA Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=kenmore%2049513%20owner%27s%20manual&w=50&h=50&c=7

204.79.197.200

960 B

URL
tse1.mm.bing.net/th?q=kenmore%2049513%20owner%27s%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
960 B (960 bytes)
Hash
785e389005f051223778e5a413ec67f6
70158a6c4c7b6423316e8a7c2008c5019eb23f5d
29a8d9685be6643adc1ceb5e17376f8ba06607222c0646ad082271cdd7763939

HTTP Headers

GET /th?q=kenmore%2049513%20owner%27s%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 960
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0AD3AC96BFFC476FB934FEBFBFA58D28 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=klein%20ncvt-3%20manual&w=50&h=50&c=7

204.79.197.200

1.0 kB

URL
tse1.mm.bing.net/th?q=klein%20ncvt-3%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.0 kB (1045 bytes)
Hash
f89ebd49ec2494194b81f83ba3387dcc
a75857f45ab916c2b5ce74870c388427cc3ecd3f
dbdcec277ad7e36859e2a77f7eb298097ad2e7eb662fc85e512d9b089a91e19e

HTTP Headers

GET /th?q=klein%20ncvt-3%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1045
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8B76E41EC514C4B9195D6174D198EF5 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=johnson%20seahorse%206hp%20manual&w=50&h=50&c=7

204.79.197.200

1.2 kB

URL
tse1.mm.bing.net/th?q=johnson%20seahorse%206hp%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1154 bytes)
Hash
8a1ce1c5e82950283a8dfa2b2e51bc62
fa24def0bc998dfc65b944fbb287272d0520b141
c682eff1c47aa4f34513edbd9cf10a2be9e0fc2325a410ea344ae67dee79757e

HTTP Headers

GET /th?q=johnson%20seahorse%206hp%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1154
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D4ABABB4F43445FAB2064EEA5A48C12 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=irobot%20roomba%20quick%20start%20guide

204.79.197.200

78 kB

URL
tse1.mm.bing.net/th?q=irobot%20roomba%20quick%20start%20guide
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x670, components 3\012- data
Size
78 kB (77973 bytes)
Hash
72bed5fbed714891d980ca6a9da39aa7
187d492fdf12b9ca23680e293898c07e879eb86d
0ed1a65c521e72869c95a8a73516ce74ad304ea6e55cc58561b3ec71e1a6c575

HTTP Headers

GET /th?q=irobot%20roomba%20quick%20start%20guide HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 77973
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6152087080184CEE8DD78EACE49C8BD5 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=kitchenaid%20dishwasher%20diagnostics%20manual&w=50&h=50&c=7

204.79.197.200

1.7 kB

URL
tse1.mm.bing.net/th?q=kitchenaid%20dishwasher%20diagnostics%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.7 kB (1659 bytes)
Hash
44a8dc4dd754a1638cde07da66f4ac0d
b370cbd4d8dc05a549fec2ae03b51d98154526f3
39648ac6ab9634698ed181e147d745f08844fd5a7ce9dfa4c96c3590763cce34

HTTP Headers

GET /th?q=kitchenaid%20dishwasher%20diagnostics%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1659
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8A56DB983FE4D23A55C947F56D6E659 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=kodak%208800%20user%20manual&w=50&h=50&c=7

204.79.197.200

1.2 kB

URL
tse1.mm.bing.net/th?q=kodak%208800%20user%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1156 bytes)
Hash
55e3b2bc2d571508ac4b12980ea66c10
5150ecfe28a65ec4a1571df238bb8755b5095603
cef1001ff083186c8c8f7f285b21b890b805d9dc7c5d59af490b2cad0a7c3a90

HTTP Headers

GET /th?q=kodak%208800%20user%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1156
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DF979E5EE75F477D9A1F93F8CF8C57C9 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=jacobsen%20lawn%20mower%20manual&w=50&h=50&c=7

204.79.197.200

1.2 kB

URL
tse1.mm.bing.net/th?q=jacobsen%20lawn%20mower%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1245 bytes)
Hash
1bf0e86884d43850c6ef476900ee946c
6b778532f025d792ab017f3071c0ef76ad9d35f6
014b88637abe467085c5f1f5b426c17afe73a1339572b698efec49648d41c0db

HTTP Headers

GET /th?q=jacobsen%20lawn%20mower%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1245
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A07EA9EF17744EFB55ABD4876A0112D Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=kodak%20pixpro%20az421%20manual&w=50&h=50&c=7

204.79.197.200

1.5 kB

URL
tse1.mm.bing.net/th?q=kodak%20pixpro%20az421%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.5 kB (1495 bytes)
Hash
75f22b8403da2f3f95527b803ce138c6
452f6147bc13830adfa039089821a5fa1315a2a7
7cb263e09d4b4ac40f3f13dc8cafb8bbb11aff637ebdd69129dc4fa8527ca552

HTTP Headers

GET /th?q=kodak%20pixpro%20az421%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1495
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 57383165A89B49A4AD3D354D68D277EA Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=jbl%20flip%204%20user%20manual&w=50&h=50&c=7

204.79.197.200

1.2 kB

URL
tse1.mm.bing.net/th?q=jbl%20flip%204%20user%20manual&w=50&h=50&c=7
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1182 bytes)
Hash
725560fd46de5dbb4aa9e50693ea04c7
fff2a37336a47319f28bb81674cccdd426c86799
8fba961f1ce16f9d5753314f6dea0f7c15b28e436d5bc3e814ff54e8f41c03bf

HTTP Headers

GET /th?q=jbl%20flip%204%20user%20manual&w=50&h=50&c=7 HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=5184000
content-length: 1182
content-type: image/jpeg
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9148AF7044964A0A81749F234E651E96 Ref B: OSL30EDGE0420 Ref C: 2023-12-02T10:46:59Z
date: Sat, 02 Dec 2023 10:46:58 GMT
X-Firefox-Spdy: h2

i2.wp.com/data2.manualslib.com/first-image/i13/63/6229/622827/irobot-roomba.jpg

192.0.77.2

43 kB

URL
i2.wp.com/data2.manualslib.com/first-image/i13/63/6229/622827/irobot-roomba.jpg
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 950x1401, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
43 kB (43352 bytes)
Hash
6c1d6aa4d6fe5469d3f45e9f64455483
1ee2359ef69a1220b06ab2ac5433cd7d8e03d396
3639c7f7d098e39e54d76aed5f47425184cb1bb533f92b0c7dec6a6a835e4778

HTTP Headers

GET /data2.manualslib.com/first-image/i13/63/6229/622827/irobot-roomba.jpg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 10:47:00 GMT
content-type: image/webp
content-length: 43352
last-modified: Sat, 02 Dec 2023 10:47:00 GMT
expires: Mon, 01 Dec 2025 22:47:00 GMT
cache-control: public, max-age=63115200
link: <http://data2.manualslib.com/first-image/i13/63/6229/622827/irobot-roomba.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "cd32bd0d81fa106d"
vary: Accept
x-nc: MISS arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i2.wp.com/data2.manualslib.com/first-image/i2/8/786/78515/irobot-roomba.jpg

192.0.77.2

85 kB

URL
i2.wp.com/data2.manualslib.com/first-image/i2/8/786/78515/irobot-roomba.jpg
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 950x1461, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
85 kB (85388 bytes)
Hash
20285af78c95f1eedaf0ee0477a6905a
0dc5ce4b6367aabecfce8f4782e03e0667de0ae1
c1f00c7cbf95d5de777430409b7e92a8cc407fc2efd8c356bb3d2ca3d77ca7a1

HTTP Headers

GET /data2.manualslib.com/first-image/i2/8/786/78515/irobot-roomba.jpg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 10:47:00 GMT
content-type: image/webp
content-length: 85388
last-modified: Sat, 02 Dec 2023 10:47:00 GMT
expires: Mon, 01 Dec 2025 22:47:00 GMT
cache-control: public, max-age=63115200
link: <http://data2.manualslib.com/first-image/i2/8/786/78515/irobot-roomba.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a651f0f2391d0d75"
vary: Accept
x-nc: MISS arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i2.wp.com/data2.manualslib.com/first-image/i17/85/8489/848872/irobot-roomba.jpg

192.0.77.2

92 kB

URL
i2.wp.com/data2.manualslib.com/first-image/i17/85/8489/848872/irobot-roomba.jpg
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 950x1271, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
92 kB (91628 bytes)
Hash
396f020a43d6d034ea6ea78b92b29b5b
6ab75863a05fbc2ef1d4854c10041fd3eac94efe
8a5db0bb981ad9d49c631ddad95f306c66fda55b0455133af8563383f25d702d

HTTP Headers

GET /data2.manualslib.com/first-image/i17/85/8489/848872/irobot-roomba.jpg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 10:47:00 GMT
content-type: image/webp
content-length: 91628
last-modified: Sat, 02 Dec 2023 10:47:00 GMT
expires: Mon, 01 Dec 2025 22:47:00 GMT
cache-control: public, max-age=63115200
link: <http://data2.manualslib.com/first-image/i17/85/8489/848872/irobot-roomba.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f1fb80b49d06e0f4"
vary: Accept
x-nc: MISS arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i2.wp.com/data2.manualslib.com/first-image/i15/75/7411/741050/irobot-roomba-500-series.jpg

192.0.77.2

89 kB

URL
i2.wp.com/data2.manualslib.com/first-image/i15/75/7411/741050/irobot-roomba-500-series.jpg
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 950x1271, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
89 kB (89246 bytes)
Hash
015e5ab92079fdb747b59816af8a4c0a
b1e8f3a0f9075c8f576ed497f64d96a80ab45cac
0818062327e1177e07d6b0b1bd2039d07753a451c48f8b88a24eeaebe6fb5ee9

HTTP Headers

GET /data2.manualslib.com/first-image/i15/75/7411/741050/irobot-roomba-500-series.jpg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 10:47:00 GMT
content-type: image/webp
content-length: 89246
last-modified: Sat, 02 Dec 2023 10:47:00 GMT
expires: Mon, 01 Dec 2025 22:47:00 GMT
cache-control: public, max-age=63115200
link: <http://data2.manualslib.com/first-image/i15/75/7411/741050/irobot-roomba-500-series.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7037591a2794cdf2"
vary: Accept
x-nc: MISS arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i2.wp.com/cdn2.all-guidesbox.com/images/pdf2html2/478/478006/bg1.png

192.0.77.2

120 kB

URL
i2.wp.com/cdn2.all-guidesbox.com/images/pdf2html2/478/478006/bg1.png
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
120 kB (119814 bytes)
Hash
612bc594a52e3405f3c1be00319cd0b1
7e8338d4be2c09f397e21ffd5d401be0af3a29a0
1d7db7338fd441c2dbb59e36156f42980ef2c88d55b8a1159380ee7928fd9685

HTTP Headers

GET /cdn2.all-guidesbox.com/images/pdf2html2/478/478006/bg1.png HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 10:47:00 GMT
content-type: image/webp
content-length: 119814
last-modified: Sat, 02 Dec 2023 10:47:00 GMT
expires: Mon, 01 Dec 2025 22:47:00 GMT
cache-control: public, max-age=63115200
link: <http://cdn2.all-guidesbox.com/images/pdf2html2/478/478006/bg1.png>; rel="canonical"
x-content-type-options: nosniff
etag: "5797aa4b382f49f0"
vary: Accept
x-nc: MISS arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

1.bp.blogspot.com/-KlqIfiFJtf4/YUZuapc3EQI/AAAAAAAAAHk/eJ6C7ejCU44J4AeNO_9Ka8PSO9PFV38zwCNcBGAsYHQ/s24/cancel.png

142.250.74.161

602 B

URL
1.bp.blogspot.com/-KlqIfiFJtf4/YUZuapc3EQI/AAAAAAAAAHk/eJ6C7ejCU44J4AeNO_9Ka8PSO9PFV38zwCNcBGAsYHQ/s24/cancel.png
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
602 B (602 bytes)
Hash
eca9624f6aeb2f85ab2e755d4fc9a9e8
3d44367997c95483b669d3d6247eb4cc4427e258
4b959a500b92533b037e73b80540107df7931c31a708b8cce3e9405354d6a994

HTTP Headers

GET /-KlqIfiFJtf4/YUZuapc3EQI/AAAAAAAAAHk/eJ6C7ejCU44J4AeNO_9Ka8PSO9PFV38zwCNcBGAsYHQ/s24/cancel.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="cancel.png"
x-content-type-options: nosniff
server: fife
content-length: 602
x-xss-protection: 0
date: Sat, 02 Dec 2023 09:50:48 GMT
expires: Sun, 03 Dec 2023 09:50:48 GMT
cache-control: public, max-age=86400, no-transform
age: 3372
etag: "v7a"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

propositionpower.com/a215683d2d0ce8fecd54e01b99606d75/invoke.js

173.233.137.44

11 kB

URL
propositionpower.com/a215683d2d0ce8fecd54e01b99606d75/invoke.js
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29633), with no line terminators
Size
11 kB (10934 bytes)
Hash
a9a0be0011796e20f8885d85ee370096
988cf43054356c8060ee4b4296d0d5952f6dcd4f
a181b53728c72aee11d7143982a075280b928da67949e8bdb91abe00c27abb55

HTTP Headers

GET /a215683d2d0ce8fecd54e01b99606d75/invoke.js HTTP/1.1
Host: propositionpower.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 10:47:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2583c8b2a59884c1288b7721bb9bb89a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

1.bp.blogspot.com/-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/re.jpg

142.250.74.161

29 kB

URL
1.bp.blogspot.com/-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/re.jpg
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 640x283, components 3\012- data
Size
29 kB (28955 bytes)
Hash
07f7d7cf45987bda9bee80ceeddb0373
652304476b80a07059c0b813b8ebceea6166f4f2
f887562ecfcb59e0783afce6b9ade2336a7122ac3d04ad00673cc05bec1a7415

HTTP Headers

GET /-y8AsxfEerDc/YFSyMPZF14I/AAAAAAAAAAM/JUegMgSE-3o5A_06mx0Fir2-dkB6fAGvACLcBGAsYHQ/s640/re.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="re.jpg"
x-content-type-options: nosniff
server: fife
content-length: 28955
x-xss-protection: 0
date: Sat, 02 Dec 2023 08:49:43 GMT
expires: Sun, 03 Dec 2023 08:49:43 GMT
cache-control: public, max-age=86400, no-transform
age: 7038
etag: "v4"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
5b7b378f2f2e1279be0c0f57ceb0cf93
f03e52739a3a7e746036c3b8b7c42015632a931a
a801964dabaa860b97b788b0dd71cc601c6b38279cf522be462c816352ce1265

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 02 Dec 2023 10:47:01 GMT
Last-Modified: Sat, 02 Dec 2023 09:25:40 GMT
Server: ECAcc (ska/F6BD)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EmhoNvKhqjJcrFWKpGWk690LjlCS4L6p1uPrursITDZ1kidhfW8dDg==
Age: 4881

proftrafficcounter.com/stats

18.157.203.0

40 B

URL
proftrafficcounter.com/stats
IP
18.157.203.0:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b6b52a4311eeac9fd64bf8ffe15cee42
50b0886060b1546b2d212fd588627fa78afa273d
b7b27e3fed731c85bb925d4a2427ddd8d27d80c477dbf6cbf5888e8389449d21

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:01 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8:1:1; expires=Tue, 29 Nov 2033 10:47:01 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

userdatadane88.s3-website-us-east-1.amazonaws.com/favicon.ico

52.216.76.171

539 B

URL
userdatadane88.s3-website-us-east-1.amazonaws.com/favicon.ico
IP
52.216.76.171:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
539 B (539 bytes)
Hash
7241fd9aec9473cabfdbb76456691f8c
65e228b7fea6ccce71f53f185b594453296bfe26
e3696da6360ce8d2fbe5f60bd609b1e9ca82936d4beb99ca7ccbd83645e56d96

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: userdatadane88.s3-website-us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/irobot-roomba-quick-start-guide.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
x-amz-request-id: NERVMXNWNBX17QCA
x-amz-id-2: TvfA2tKbUpjOX8uEArddYouxyeNWvpP3WKDbUL8+JO+ziN+wCuKmdnx3ixb2vhQ52+skOwqkXMs=
Content-Type: text/html; charset=utf-8
Date: Sat, 02 Dec 2023 10:47:01 GMT
Server: AmazonS3
Content-Length: 539

192.243.61.227

0 B

URL
nationhandbook.com/watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1 HTTP/1.1
Host: nationhandbook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 10:47:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com
Access-Control-Allow-Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
Access-Control-Allow-Credentials: true
Location: https://nationhandbook.com/watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1&shu=f80a6d9f9275e7bac3ddbc2a2e5b59849a1ae980c5db0fd887bc1b3c2de22a8f95849ccbe995857795cd5d1af176c6638e01b9bf4a8c1d6c0ef6428a455c4d5fdfb2cfc31e26e467d1b151c938c1e6b7375d6cb5dca68d2cd061d60d40cee0&pst=1701514082&rmtc=t
Set-Cookie: u_pl=16343214; expires=Sun, 03 Dec 2023 10:47:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjM0MzIxNCwiayI6ImEyMTU2ODNkMmQwY2U4ZmVjZDU0ZTAxYjk5NjA2ZDc1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTc0ODIxLCJwaWQiOjMyNzI1MiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ0bTl6ZzV6Y2QiLCJjcGtzIjp7IjI4IjoiM2I1ZDRiZmQzMzczZTg1YzIxYzA5NjdmMzJlNGEwMjkifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly91c2VyZGF0YWRhbmU4OC5zMy13ZWJzaXRlLXVzLWVhc3QtMS5hbWF6b25hd3MuY29tL2lyb2JvdC1yb29tYmEtcXVpY2stc3RhcnQtZ3VpZGUuaHRtbCIsImFyIjpbXX19.Vea3df-1ICh4S8HqDWMrFII4_Ufp1zvjwMzWn-Rz_XU; expires=Sat, 02 Dec 2023 10:48:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 015109bb901180f3595ead18ce846055
Strict-Transport-Security: max-age=0; includeSubdomains

nationhandbook.com/watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1&shu=f80a6d9f9275e7bac3ddbc2a2e5b59849a1ae980c5db0fd887bc1b3c2de22a8f95849ccbe995857795cd5d1af176c6638e01b9bf4a8c1d6c0ef6428a455c4d5fdfb2cfc31e26e467d1b151c938c1e6b7375d6cb5dca68d2cd061d60d40cee0&pst=1701514082&rmtc=t

192.243.61.227

643 B

URL
nationhandbook.com/watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1&shu=f80a6d9f9275e7bac3ddbc2a2e5b59849a1ae980c5db0fd887bc1b3c2de22a8f95849ccbe995857795cd5d1af176c6638e01b9bf4a8c1d6c0ef6428a455c4d5fdfb2cfc31e26e467d1b151c938c1e6b7375d6cb5dca68d2cd061d60d40cee0&pst=1701514082&rmtc=t
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (604)
Size
643 B (643 bytes)
Hash
965da62e375603ee8ff6fe8efdfe3f24
2bbd2a988576b665f10b796a8b6c1efb0806838f
79a82b7746e321f8bd7f496e8203c55ce4d669462435419114a87ccd5dce3916

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.862451784035.js?key=a215683d2d0ce8fecd54e01b99606d75&kw=%5B%22irobot%22%2C%22roomba%22%2C%22quick%22%2C%22start%22%2C%22guide%22%5D&refer=http%3A%2F%2Fuserdatadane88.s3-website-us-east-1.amazonaws.com%2Firobot-roomba-quick-start-guide.html&tz=0&dev=e&res=14.3093&uuid=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8%3A1%3A1&shu=f80a6d9f9275e7bac3ddbc2a2e5b59849a1ae980c5db0fd887bc1b3c2de22a8f95849ccbe995857795cd5d1af176c6638e01b9bf4a8c1d6c0ef6428a455c4d5fdfb2cfc31e26e467d1b151c938c1e6b7375d6cb5dca68d2cd061d60d40cee0&pst=1701514082&rmtc=t HTTP/1.1
Host: nationhandbook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16343214; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjM0MzIxNCwiayI6ImEyMTU2ODNkMmQwY2U4ZmVjZDU0ZTAxYjk5NjA2ZDc1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTc0ODIxLCJwaWQiOjMyNzI1MiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ0bTl6ZzV6Y2QiLCJjcGtzIjp7IjI4IjoiM2I1ZDRiZmQzMzczZTg1YzIxYzA5NjdmMzJlNGEwMjkifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly91c2VyZGF0YWRhbmU4OC5zMy13ZWJzaXRlLXVzLWVhc3QtMS5hbWF6b25hd3MuY29tL2lyb2JvdC1yb29tYmEtcXVpY2stc3RhcnQtZ3VpZGUuaHRtbCIsImFyIjpbXX19.Vea3df-1ICh4S8HqDWMrFII4_Ufp1zvjwMzWn-Rz_XU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 10:47:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com
Access-Control-Allow-Origin: http://userdatadane88.s3-website-us-east-1.amazonaws.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=9b5c4196-f94f-4ada-90f2-ac6dcd9d0fb8:1:1; expires=Sat, 09 Dec 2023 10:47:02 GMT; secure; SameSite=None
iprc497628d70bc64e7f067aa8956643cd8f=2717340; expires=Sun, 03 Dec 2023 12:47:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 10:47:02 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 10:47:02 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 03 Dec 2023 10:47:02 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 03 Dec 2023 10:47:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cde8711658fad941e50843de96425f37
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16343214

192.243.59.20

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16343214
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (520)
Size
1.4 kB (1427 bytes)
Hash
2997ee036aa57c08c2bb012cc0b06be0
3cd8aa0960524c6e8803b123b20e9f1476af27c0
4b4791faebce6d88dfe4bfe759743eb5e71d38d3249b89e47199a3adafc35de9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16343214 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 10:47:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Sun, 03 Dec 2023 10:47:02 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTYzNDMyMTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3VzZXJkYXRhZGFuZTg4LnMzLXdlYnNpdGUtdXMtZWFzdC0xLmFtYXpvbmF3cy5jb20vIiwiYXIiOltdfX0.tX7vlw7jqBYMNc51GChMefwMknTP3BNHYZuTM9enc9w; expires=Sat, 02 Dec 2023 10:48:02 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2aab59fa94de5b3e1d219e4995d4ccd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE2MzQzMjE0JnBzdD0xNzAxNTE0MDgyJnJlZmVyPWh0dHAlM0ElMkYlMkZ1c2VyZGF0YWRhbmU4OC5zMy13ZWJzaXRlLXVzLWVhc3QtMS5hbWF6b25hd3MuY29tJTJGJnJtdGM9dCZzaHU9NmVjNTYxMDAyNzJmM2VkZmM0ZTM5ZWQwOGMyOTYxOGM2OTIxY2NiMDE4OTRmMWRjOTFhMDg1MWJmZmNmNzRkYTc2NzgyMGE5OTg0NTQ0NTk0NjVhYzlmODBiMDJhNDhkZjU0ZmJhMzVkZGIzODZiYzUwYmI1ZjM5OWJmYzRiOTY0ZWExMTY2YzllMjY2ZTA2NTYyYmE3ZWJiN2YzZjZmMThlYzE0OGY4M2U2YTQxYTE5YzM2MDZjN2QwMTI%3D&uuid=&pii=&in=false

173.233.137.52

0 B

URL
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE2MzQzMjE0JnBzdD0xNzAxNTE0MDgyJnJlZmVyPWh0dHAlM0ElMkYlMkZ1c2VyZGF0YWRhbmU4OC5zMy13ZWJzaXRlLXVzLWVhc3QtMS5hbWF6b25hd3MuY29tJTJGJnJtdGM9dCZzaHU9NmVjNTYxMDAyNzJmM2VkZmM0ZTM5ZWQwOGMyOTYxOGM2OTIxY2NiMDE4OTRmMWRjOTFhMDg1MWJmZmNmNzRkYTc2NzgyMGE5OTg0NTQ0NTk0NjVhYzlmODBiMDJhNDhkZjU0ZmJhMzVkZGIzODZiYzUwYmI1ZjM5OWJmYzRiOTY0ZWExMTY2YzllMjY2ZTA2NTYyYmE3ZWJiN2YzZjZmMThlYzE0OGY4M2U2YTQxYTE5YzM2MDZjN2QwMTI%3D&uuid=&pii=&in=false
IP
173.233.137.52:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE2MzQzMjE0JnBzdD0xNzAxNTE0MDgyJnJlZmVyPWh0dHAlM0ElMkYlMkZ1c2VyZGF0YWRhbmU4OC5zMy13ZWJzaXRlLXVzLWVhc3QtMS5hbWF6b25hd3MuY29tJTJGJnJtdGM9dCZzaHU9NmVjNTYxMDAyNzJmM2VkZmM0ZTM5ZWQwOGMyOTYxOGM2OTIxY2NiMDE4OTRmMWRjOTFhMDg1MWJmZmNmNzRkYTc2NzgyMGE5OTg0NTQ0NTk0NjVhYzlmODBiMDJhNDhkZjU0ZmJhMzVkZGIzODZiYzUwYmI1ZjM5OWJmYzRiOTY0ZWExMTY2YzllMjY2ZTA2NTYyYmE3ZWJiN2YzZjZmMThlYzE0OGY4M2U2YTQxYTE5YzM2MDZjN2QwMTI%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTYzNDMyMTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3VzZXJkYXRhZGFuZTg4LnMzLXdlYnNpdGUtdXMtZWFzdC0xLmFtYXpvbmF3cy5jb20vIiwiYXIiOltdfX0.tX7vlw7jqBYMNc51GChMefwMknTP3BNHYZuTM9enc9w; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 10:47:04 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ffb3c37741a560597dd74ddf83d408a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprc5864f9939ef902344901187e2ef7cb3b=4641329; expires=Sun, 03 Dec 2023 10:47:04 GMT
pdhtkv=true; expires=Sun, 03 Dec 2023 10:47:04 GMT
uncs=1; expires=Sun, 03 Dec 2023 10:47:04 GMT
pdhtkv28=true; expires=Sun, 03 Dec 2023 10:47:04 GMT
uncs28=1; expires=Sun, 03 Dec 2023 10:47:04 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b149175f702130cd39a05254f2a7924
Strict-Transport-Security: max-age=0; includeSubdomains

violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ffb3c37741a560597dd74ddf83d408a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625

192.64.81.118

0 B

URL
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ffb3c37741a560597dd74ddf83d408a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2ffb3c37741a560597dd74ddf83d408a&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sat, 02 Dec 2023 10:47:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h937d5e2q5; expires=Sun, 03-Dec-2023 10:47:04 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h937d5e2q5-h937d5e2q5-hq1m-0-q5a4bl-ftxofe-ft8pdz-8de677; expires=Sun, 03-Dec-2023 10:47:04 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=3a019h937d5e2q502a&sub_id=16122660
Strict-Transport-Security: max-age=31536000

vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=3a019h937d5e2q502a&sub_id=16122660

172.67.205.133

0 B

URL
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=3a019h937d5e2q502a&sub_id=16122660
IP
172.67.205.133:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=3a019h937d5e2q502a&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 02 Dec 2023 10:47:04 GMT
content-length: 0
location: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=6c2c22bc-cfc5-4587-8cb5-b17757b45d77; expires=Tue, 02 Dec 2025 10:47:04 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hf53cTx%2BMT5miclxDPMX8RrxbImP7dxwbfLRG%2Bzrcid9u%2BhKMenxvST7Ec4BrpvM2v7sei7hJAuZKHQ6YHxDYUu197Udx8v4vx2F2BKy7IAnoLrC03hrPd8g0zAPp0rBAzCek83ylMVhq9HZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f2fd5f8f1bb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324

104.21.3.144

1.5 kB

URL
vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.5 kB (1506 bytes)
Hash
d091598187b0c2607db0dc04029e3457
0594d408ea97d509719300d8e4c19ce49078f55b
9f40361e807d9f0d4bbb68b5e68f9626231ae6b04fb26262190529eff247ddf8

HTTP Headers

GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: text/html
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4vbQ2hlgWMDJ4KJuke3dMyJ7ZXSTZ3qcycmVmwjavINvLAPQ%2F1SsW8PLRqQQuC5vNa%2Blc5C6BsfSjl0caBFhYlzmFTaqsnFcj6SmBYBfBuHa7cqCjJ41JJl61v1ZbJg4KnL8sfxVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f2fd605bb8b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i2.wp.com/heironimus.net/images/4be607d36a6d71502afa8a594ed13336.jpg

192.0.77.2

11 kB

URL
i2.wp.com/heironimus.net/images/4be607d36a6d71502afa8a594ed13336.jpg
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
data
Size
11 kB (10628 bytes)
Hash
aa3c024d5700bf74f67619561a6673db
35b92865d5de4fdb1a1234ada496dc59aa4dc3d0
ec53a55f5f18667c058e52f796fe179738bbea884887f03fef482ec40cbaedae

HTTP Headers

GET /heironimus.net/images/4be607d36a6d71502afa8a594ed13336.jpg HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://userdatadane88.s3-website-us-east-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 400 Bad Request
server: nginx
date: Sat, 02 Dec 2023 10:46:59 GMT
content-type: text/html; charset=utf-8
x-nc: MISS arn 5
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vvfal.veinmaster.top/eyes-robot/assets/trls.js

104.21.3.144

13 kB

URL
vvfal.veinmaster.top/eyes-robot/assets/trls.js
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Size
13 kB (12776 bytes)
Hash
0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

HTTP Headers

GET /eyes-robot/assets/trls.js HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4189
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V1FhV96hUUs%2FeqOIGdJYKHUIc%2F4G1UFt9naUfXBfLbJk6spgPJRycUORsA4pG87rW2dvaejNDTy2rilo7BIQBwfnE6cogAp2MSB%2FpTX9W4aVlDJReKecZrNs9s6OZ1S3xp0EmpLTeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd62090bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

vvfal.veinmaster.top/favicon.ico

104.21.3.144

0 B

URL
vvfal.veinmaster.top/favicon.ico
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 02 Dec 2023 10:47:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3884
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TI1tcZRHD5hPhQkYU73nqgDrKvawRUcFcKPuf0pcZqMd%2FUoEdqfpK8%2BWHspYfpdyTKhqEFCC22uBS5HlBPhm%2BdB4OLZtjDfyaTwBp02k%2BgB9jr%2FQaOXwvme0RwH8hd8En%2F0dtktvbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd6329e3b50b-OSL
alt-svc: h3=":443"; ma=86400

cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA

104.21.3.144

9.5 kB

URL
cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
9.5 kB (9540 bytes)
Hash
512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a

HTTP Headers

GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Cookie: __psu=b2eb2c61-6eb8-4112-a295-b5612607261d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsrVrwcUC2%2FXpGnB%2F%2BKxbxNxLUAjXtdm7hpk7MjEBlluLeJ6640I%2F7rM4Nfe2paF%2Fl4eVzy2HHA7AJ%2B8HK6WBiqGN56NS0mFfPk7GLvOoOO4ZVKEE04mPXMVmEXp8DW3GqKD1PZf%2FMIZdTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd63aa7cb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 193293
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.veinmaster.top/eyes-robot/assets/1.png

104.21.3.144

11 kB

URL
a.veinmaster.top/eyes-robot/assets/1.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10591 bytes)
Hash
a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

HTTP Headers

GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 417
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKCDHn35BB9UzICmdBRVbsE5alFSH1ok4LluwT3fGBTu9jOh56NmAriTGP44nXii4Js1X3SevobG0b1Y0NNZ5qISav5Dyr%2Bk15kZzJAUV1JQaCEHt7m8khMoQ9P69NZeVB7k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd658c40b50b-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/eyes-robot/assets/2.png

104.21.3.144

1.1 kB

URL
a.veinmaster.top/eyes-robot/assets/2.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1061 bytes)
Hash
d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

HTTP Headers

GET /eyes-robot/assets/2.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 417
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B4vmZSZYm98sENMQjYlqYIz6uyxMixUnob%2BRm0x%2Fyz%2BiWE5MQWjS559AUqJgS1iAHpJt%2FQRA50IAAS9WQTiXtRI%2BEfuVclaSThZobuaijHtJk%2FmwcKgsX704h1CCNCOjNctB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd658c46b50b-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/eyes-robot/assets/image.png

104.21.3.144

11 kB

URL
a.veinmaster.top/eyes-robot/assets/image.png
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11043 bytes)
Hash
ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

HTTP Headers

GET /eyes-robot/assets/image.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/assets/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: image/png
content-length: 11043
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-2b23"
cache-control: max-age=14400
cf-cache-status: HIT
age: 417
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPYD9WGcN6%2B8JXTi3OK8p%2By0F0UVb20oYBkJob2iZCrdF2h7JUHsv44QT8Q15jgSlLIf%2BsE8TMD1xX495WiWC%2BvOTlIFf%2FX7M3C2co25XNOp4TVtum4OrbTqAGVFvQFTA774"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd65bc64b50b-OSL
alt-svc: h3=":443"; ma=86400

a.veinmaster.top/favicon.ico

104.21.3.144

0 B

URL
a.veinmaster.top/favicon.ico
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 02 Dec 2023 10:47:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1558
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6aHoZ0ep%2BPgXDcM9Hh0r%2B84ppopG2X7vMcyehSLSMJipYqMz4I14iPrgdDunVZ55t3ZWsqY4KuL1I4Sw0m6Vat7lKCbLiGXw4Kz6o1DF0HtDBcnAwpB0EiNaTnmE9bPWPwL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd661ca6b50b-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 189512
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 193294
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324

104.21.3.144

3.5 kB

URL
a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.5 kB (3522 bytes)
Hash
d091598187b0c2607db0dc04029e3457
0594d408ea97d509719300d8e4c19ce49078f55b
9f40361e807d9f0d4bbb68b5e68f9626231ae6b04fb26262190529eff247ddf8

HTTP Headers

GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324 HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: text/html
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hjlm8vThEyx95ifAV7d%2BpKAKbUsBoaYMz39%2B%2FCmZ50K4y9GpsRQYljtu3DJf1LmN2WtZ%2BrX7nPgWqbF8XZC2LjA4S05F9zn1%2B9nSYvU48pbv9ehv1XRc%2Fv2Puay1nX4kJrN2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f2fd650bdbb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTE0MDg2JnJtdGM9dCZzaHU9ZWUxZjkxMTVmOTE2NjZmMDAwODUxZDc4MzQxZTM2N2E3MzVjM2JiNGIzM2FkZTY3ZDZkZTA0MWVmZGRlNmI5OGU4NDA5OGFmNWQwNDliNjg0OGJkNWMwN2NmYWRkM2M2YTYzZjA5NTYwMDIyOWI5YWYzMmRmODJiODAyOThjZjFhMTg4MjEwMzA5NzNhNjQ4MzRiMTExM2Q2ZjRmM2QyYjE4OWZkMjc5NTM4YTY0NDE5YWMxODNkZWRlOGE1OTY4YWE%3D&uuid=&pii=&in=false

173.233.137.36

302 Found

0 B

URL User Request GET HTTP/1.1
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTE0MDg2JnJtdGM9dCZzaHU9ZWUxZjkxMTVmOTE2NjZmMDAwODUxZDc4MzQxZTM2N2E3MzVjM2JiNGIzM2FkZTY3ZDZkZTA0MWVmZGRlNmI5OGU4NDA5OGFmNWQwNDliNjg0OGJkNWMwN2NmYWRkM2M2YTYzZjA5NTYwMDIyOWI5YWYzMmRmODJiODAyOThjZjFhMTg4MjEwMzA5NzNhNjQ4MzRiMTExM2Q2ZjRmM2QyYjE4OWZkMjc5NTM4YTY0NDE5YWMxODNkZWRlOGE1OTY4YWE%3D&uuid=&pii=&in=false
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNTE0MDg2JnJtdGM9dCZzaHU9ZWUxZjkxMTVmOTE2NjZmMDAwODUxZDc4MzQxZTM2N2E3MzVjM2JiNGIzM2FkZTY3ZDZkZTA0MWVmZGRlNmI5OGU4NDA5OGFmNWQwNDliNjg0OGJkNWMwN2NmYWRkM2M2YTYzZjA5NTYwMDIyOWI5YWYzMmRmODJiODAyOThjZjFhMTg4MjEwMzA5NzNhNjQ4MzRiMTExM2Q2ZjRmM2QyYjE4OWZkMjc5NTM4YTY0NDE5YWMxODNkZWRlOGE1OTY4YWE%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 10:47:07 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Sun, 03 Dec 2023 10:47:07 GMT
uncs=1; expires=Sun, 03 Dec 2023 10:47:07 GMT
pdhtkv28=true; expires=Sun, 03 Dec 2023 10:47:07 GMT
uncs28=1; expires=Sun, 03 Dec 2023 10:47:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af6bb687f3f8e6a502fe4066d3acd20c
Strict-Transport-Security: max-age=0; includeSubdomains

a.veinmaster.top/eyes-robot/assets/style.css

104.21.3.144

14 kB

URL
a.veinmaster.top/eyes-robot/assets/style.css
IP
104.21.3.144:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
14 kB (14296 bytes)
Hash
a18afa3eac509b6062c9362a725ac421
5e06e9b3af42189e9456a7ea3bda665e10c86405
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896

HTTP Headers

GET /eyes-robot/assets/style.css HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=3a019h937d5e2q502a&sub_id=16122660&nrid=a96f538698de4fe2924e5814c17597bb&hash=9qd5MgRKrH-9wyCL4ck-9A&exp=1701514324
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 02 Dec 2023 10:47:05 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-cf6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 417
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIGMPDeJ4MkHbFdDXnGGwPrFEXb9WSc%2BH%2BOF927rqxHxAYHQLSPAxsEd0WxF2d5mYH9Xr%2BBENa52WVKAF4dRJN1sOhlizJgsJL9yBxJ2fhsfHXPMKzMOPJ%2BcO%2BuDhPfLgdTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd658c3eb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 02 Dec 2023 10:47:07 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node0ckfes4qa11qk1pw2zkio8lirc5370385.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0ckfes4qa11qk1pw2zkio8lirc; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 10:47:07 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 10:47:07 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Mon, 01-Dec-2025 10:47:07 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 02 Dec 2023 10:47:07 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 02 Dec 2023 10:47:07 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 02 Dec 2023 10:47:07 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

0 B

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 02 Dec 2023 10:47:08 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd74c91f7127-OSL
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

956 B

URL
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

welcome.unibet.com/custom.js

172.64.144.152

2.5 kB

URL
welcome.unibet.com/custom.js
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.5 kB (2530 bytes)
Hash
7bf01e92dd55d5fa298f55fbcb9afd30
4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc
2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: application/javascript
cf-ray: 82f2fd74b8f77127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 203616
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

172.64.144.152

2.0 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text
Size
2.0 kB (1976 bytes)
Hash
04fc48de78cbfc5d1557e9df399c7733
e1bf77a4fef1943b0eab404c4abbe9477cb373e0
4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82f2fd74a8ef7127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 12870
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

10 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
10 kB (10149 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: image/svg+xml
cf-ray: 82f2fd74c9107127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 110075
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.138

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:33:53 GMT
expires: Thu, 28 Nov 2024 17:33:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 234795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

172.64.144.152

44 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
44 kB (44033 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: text/css; charset=utf-8
cf-ray: 82f2fd74a8ec7127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 190748
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

172.64.144.152

1.5 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Size
1.5 kB (1473 bytes)
Hash
730e6377072b77d80bca30d96fb63b27
64bf5fa49e24ff2f79ad9152f3ef7bd7baab5ad0
bb461ad12e6f931815042b57a447b64e8d3a06d1576c1f7c79b9c7e5a42a8b34

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: image/svg+xml
cf-ray: 82f2fd74c9047127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 282180
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

0 B

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 02 Dec 2023 10:47:08 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd76dbbe7127-OSL
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.140.13

110 kB

URL
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.140.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (54456), with no line terminators
Size
110 kB (110301 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 190708
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j9WhABehQC6Qtp8YmaNjnuXcN%2F%2BZSaFel8SYeu0z%2FxTJGxq8vsX5Ub3u3lKvgfr2lj7eX%2BbCdEsllhmT2wecRNNk79qnD4O4dhpAFmTuTXl1iGwfuZCm%2FrkjYddtmV5VtiXjrqmS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f2fd759abc24ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

11 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82f2fd76fbda7127-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 203521
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

172.64.144.152

10 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
10 kB (10547 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: image/svg+xml
cf-ray: 82f2fd74d92d7127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 275831
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

1.3 kB

URL
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.3 kB (1286 bytes)
Hash
65ea5280729cbf3a16e92c487e3f64f5
7c57c42c305ba8f679a0cb1a9927fb7ee7be5ec3
fd9c9add6722644586fae45f878fdcb82a06a9a7ee8270d5fc1a498acfc76ade

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

172.64.144.152

18 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Size
18 kB (17832 bytes)
Hash
d9f476ef25b46fd901a7f79b5bdbb9f4
c7d2758d17518dd1da5c352fed93654248fd37a7
bf35a33c9a8a912b82a62cffbca0c69a5db72aba6c622b77d471a1428b969dd2

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: image/svg+xml
cf-ray: 82f2fd74c9177127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 193600
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

142.250.74.138

75 kB

URL
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
75 kB (74998 bytes)
Hash
59a72c66c3ae0443c32934fdf017a93d
830b1b8afdb3ecaa562aca27fed228a7e4dc1dd5
a7a2c4c48de4342adae9159eca19a0048b9dfa9ddfc4ba4c9cca01ddf2a92bdc

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 02 Dec 2023 10:47:08 GMT
date: Sat, 02 Dec 2023 10:47:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 184653
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/widget/betslip/betslip.js

172.64.144.152

200 OK

71 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
71 kB (71148 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_54723172D55246A98D78A5172FE33C5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82f2fd769b847127-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 96208
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

16 kB

URL GET
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 220215
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

0.0.0.0

25 kB

URL GET
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:09 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 351
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd7afe6cb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521

172.64.144.152

200 OK

17 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; __ucbt=node0ckfes4qa11qk1pw2zkio8lirc; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_54723172D55246A98D78A5172FE33C5A; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_54723172D55246A98D78A5172FE33C5A%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:08 GMT
content-type: text/html; charset=utf-8
cf-ray: 82f2fd72df5a7127-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89333f5f-801e-0030-260c-25accd000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_54723172D55246A98D78A5172FE33C5A;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905

13.107.213.53

307 Temporary Redirect

17 kB

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
17 kB (17265 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_54723172D55246A98D78A5172FE33C5A&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701514027652)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231221047%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210651552780%7c1%22%7d%5d; domain=.unibet.com; expires=Mon, 02-Dec-3022 10:47:07 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0KwtrZQAAAAC9UZP5iw0iTa7vPirEAyysU1ZHMjBFREdFMDYxNwAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Sat, 02 Dec 2023 10:47:07 GMT
content-length: 0
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

0.0.0.0

4.9 kB

URL GET
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_54723172D55246A98D78A5172FE33C5A&bid=37950&campaignId=2799402&pid=94151521
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 02 Dec 2023 10:47:09 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 372
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f2fd7aee68b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (79)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash