betterstudio.com/wp-content/plugins/edd-aelia-currencyswitcher/src/js/frontend/frontend.js
172.67.158.174 36 B URL betterstudio.com/wp-content/plugins/edd-aelia-currencyswitcher/src/js/frontend/frontend.js
IP 172.67.158.174:0
Hash 1648c7ffc5ec6d28f2fd721173cf9e24
ffa71388cd407edbd057645406e7558262eaffe9
239cd679e07acd292618e419f251a1af8a9a6368c82d4d452ccda93c1a76e96a
GET /wp-content/plugins/edd-aelia-currencyswitcher/src/js/frontend/frontend.js HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: application/javascript
content-length: 36
cache-control: public, max-age=2592000
display: staticcontent_sol
etag: "5bd9ce0a-24-gzip"
last-modified: Wed, 31 Oct 2018 15:45:14 GMT
response: 200
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-ezoic-cdn: Hit ds;mm;1a803a543089b557c8590ddaec3081a0;2-368058-278;e1395b4c-1266-4457-71cc-d5ee1c63df1e
x-frame-options: SAMEORIGIN
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control: max-age=2592000
x-runcache-type: srcache
x-runcloud-srcache-fetch: BYPASS
x-runcloud-srcache-store: BYPASS
x-sol: pub_site
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 174779
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nExLVu2zqCwiJBnWm0Et5tteEfe2nZIGW04VXEVuAfxzgXNfwNeSl7uKISbp%2ByZK9wDK%2FWQCCoRQzLZX3ujLG0K8Bxv0ERanChFmi59buMNgvOchgpnwF4g1CS39hwv2iuqb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d43add0b518-OSL
alt-svc: h3=":443"; ma=86400
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
104.16.56.101 7.3 kB URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP 104.16.56.101:0
File type gzip compressed data, from Unix\012- data
Hash e3f58b210d2222ce0a8855c37d916fc9
28db5e129041f6fed937e87789d9fcb0f74bd009
c72798c0bb5887339e0bee9f9387cfa6128eb530813a19fa7df4a40b3cceb282
GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d440e18569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-54350401-1
142.250.74.8 51 kB URL www.googletagmanager.com/gtag/js?id=UA-54350401-1
IP 142.250.74.8:0
File type ASCII text, with very long lines (2213)
Hash d4af3183be81d58f3f684426827f76c9
d758b21cf9f94efcc06c211ef44cbcdc677327e0
500d47f552b901cfc176829ea4da16428af15d7b79fc062d200795633734bebc
GET /gtag/js?id=UA-54350401-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 30 Nov 2023 03:48:22 GMT
expires: Thu, 30 Nov 2023 03:48:22 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
the.gatekeeperconsent.com/v2/cmp.js?v=143
172.67.144.62 44 kB URL the.gatekeeperconsent.com/v2/cmp.js?v=143
IP 172.67.144.62:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bf43740e2be62aae292f6aa8e9af348f
93652f41b0c78afd930cb5c96eb082c7ebb34060
1d2bbc0e37a39f463149597b169d2b0078a939bf2eafd47acfb490dc1d1ec22a
GET /v2/cmp.js?v=143 HTTP/1.1
Host: the.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
cf-bgj: minify
last-modified: Wed, 29 Nov 2023 16:51:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 36866
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XqvtRnGdP2qCJq8J3TwQrk4xt9fJVyCFAv9ABPN2mS5t7HIjsAUY1IEkSVrbz%2FTICm46MlO13%2ByEqozz4gjVaFNfhyW%2FiZWja%2B7Ub22uDwDbuCvLs0vr3kdUipjh%2BLsYJNW4F0Qu%2B94OOH9j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d43ac7cb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ezodn.com/detroitchicago/consentsettings.js?cb=2
172.64.136.15 1.0 kB URL ezodn.com/detroitchicago/consentsettings.js?cb=2
IP 172.64.136.15:0
Hash 3a97ba13f255c9e558afa46584903ce3
faeedbdc6512014b3c4cd43ff65b08db8cac9a0a
383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c
GET /detroitchicago/consentsettings.js?cb=2 HTTP/1.1
Host: ezodn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
etag: W/"5be-60995afb648c0-gzip"
last-modified: Tue, 07 Nov 2023 20:19:23 GMT
vary: Accept-Encoding
x-robots-tag: noindex
cf-cache-status: HIT
age: 162966
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyuCIFRi2DB1nwUw3rOeaVkNVIVeLDUvHOQtgZgfDNFHIO72BaU2TsziOg9S3jga8QQx1EdKVWz%2BUPmsQ%2BkKAOV91%2By2AmJ3i6heEVD6Rh5P%2FPaVEY8UKeA39qM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d445e15417f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
betterstudio.com/wp-content/plugins/ncm-blocks//src/ProductImage//assets/glightbox.min.js?ver=2.8.1
172.67.158.174 16 kB URL betterstudio.com/wp-content/plugins/ncm-blocks//src/ProductImage//assets/glightbox.min.js?ver=2.8.1
IP 172.67.158.174:0
File type gzip compressed data\012- data
Hash 7b97e2648cdf08d567370dfd77b18f39
abd5600d96afa9b408fc91bfb67e8bbc7313992f
38047a5232dffcbd7567ef0267b2d8f83fab107f440fd48513e701e8e7de6624
GET /wp-content/plugins/ncm-blocks//src/ProductImage//assets/glightbox.min.js?ver=2.8.1 HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
content-encoding: gzip
display: staticcontent_sol
etag: W/"642da8f3-dadf-gzip"
last-modified: Wed, 05 Apr 2023 16:59:31 GMT
response: 200
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-ezoic-cdn: Hit ds;ds;c8e78e52dfaab376b82110a74a2491b2;2-368058-278;c66c94b0-69b7-41a9-564c-8618cd310863
x-frame-options: SAMEORIGIN
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control: max-age=2592000
x-runcache-type: srcache
x-runcloud-srcache-fetch: BYPASS
x-runcloud-srcache-store: BYPASS
x-sol: pub_site
x-xss-protection: 1; mode=block
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fLW3vb7AnbjYRjyhGSBywrPW0Ktkg2%2Bcd10iRCLmPwkN28APYWwItQXYZuhjyK6gPUh06mH6EcMNPYMPQnM9iyVLUyDphCJVLc5LBWU5aG%2BWYNHzmUORRUsL4SevJ%2FWM0FL1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d43bdd3b518-OSL
alt-svc: h3=":443"; ma=86400
betterstudio.com/detroitchicago/imp.gif
172.67.158.174 43 B URL betterstudio.com/detroitchicago/imp.gif
IP 172.67.158.174:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
POST /detroitchicago/imp.gif HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1306
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false; ezouspvv=0; ezouspva=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:22 GMT
content-type: image/gif
content-length: 43
access-control-allow-headers: Content-Type
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://betterstudio.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Wed, 29 Nov 2023 03:48:22 GMT
vary: Accept-Encoding
x-middleton-display: imp_sol
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKEVDqkuf1%2Bp6A4uHfrgTB9MalMeOQLuKeUy%2FPJWfDo0DZOAAiSch0WfpZtRAkFvUkTKlhNI2P7a2fQ%2FOlM5wwdNvBw7K7%2BqA0Sco%2FzqHm%2FMirUYDmyq3sz%2BuJ8eYzu3KTQK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d478ee7b518-OSL
alt-svc: h3=":443"; ma=86400
betterstudio.com/parsonsmaize/abilene.js?gcb=195-0&cb=30
172.67.158.174 17 kB URL betterstudio.com/parsonsmaize/abilene.js?gcb=195-0&cb=30
IP 172.67.158.174:0
File type ASCII text, with very long lines (62764), with no line terminators
Hash c937b5da13e3efb2936dbaafdf6c9d3e
185fa59b42c242fd07228ccf9932df7aadbf32e6
7f6f189de042a277f4a06cd33854982ce5c09c2ba5aa22a014f2573f4790b53c
GET /parsonsmaize/abilene.js?gcb=195-0&cb=30 HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:22 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 602140
last-modified: Thu, 23 Nov 2023 04:32:42 GMT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IvwtlzWn4y7LbioRYYFRRwcQzkBoyzyumElrqKR8oE23A3KkXuyc4UzdB5dMHZUqczfi0TYOu7IZrE9AL79A8Mv4NZTHBaDkyalFwZUSTn7JLwxTsA%2Fs8PJK04KLB03qvaG7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d467e9eb518-OSL
alt-svc: h3=":443"; ma=86400
wokm8isd4zit.com/9f/30/de/9f30def9834d89bb58253c12d861f8de.js
192.243.61.227 23 kB URL wokm8isd4zit.com/9f/30/de/9f30def9834d89bb58253c12d861f8de.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59738), with no line terminators
Hash 25609805555d4db224ae098ed74211b8
ff93457c28fc0abeed755ef65e443902ed984d1f
0026fe577437eae0372f65ed8755a7f1b20c3549b20705e433c33cf7ff7d5177
GET /9f/30/de/9f30def9834d89bb58253c12d861f8de.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4f3ee5b172b3260b0f7081d132cb8a9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 5f98417c5efbc404cdc6e1eddca05845
123fef79582954e02a5acbd4b65e5c8c5ba14397
7e4f8947cb87eff6976f88fd49a323f00ec79211df4f468d9c622c91c42de0d1
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 30 Nov 2023 03:48:23 GMT
Last-Modified: Thu, 30 Nov 2023 02:20:11 GMT
Server: ECAcc (ska/F6E3)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sMyik8x6BXWC1PemTFZWzH21uDEJ7ZdH7XTa3LjTPZJ7awa6u1EXxg==
Age: 5292
proftrafficcounter.com/stats
35.157.159.40 40 B URL proftrafficcounter.com/stats
IP 35.157.159.40:0
File type ASCII text, with no line terminators
Hash 0afd0edbaae865b44c44ba7e389864da
4fc674d1fefc5f833950975a01ced0911487b74c
314899387a056a22c39052017edbba4b90a66ca2a4cbd30e044ce8c695fd21e3
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://betterstudio.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Sun, 27 Nov 2033 03:48:23 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
betterstudio.com/beardeddragon/axolotl.js?gcb=0&cb=12
172.67.158.174 48 kB URL betterstudio.com/beardeddragon/axolotl.js?gcb=0&cb=12
IP 172.67.158.174:0
File type gzip compressed data\012- data
Hash 7e1c862c8cf19ccc8d7fb89e7f429cf3
839e4adf3c064aefa53e9e37bab4db689a25cd6c
1b71ec75028fce10c68e5104296ae826c516c64fd07df13153c9c9199ce46845
GET /beardeddragon/axolotl.js?gcb=0&cb=12 HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false; ezouspvv=0; ezouspva=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:23 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 502234
last-modified: Fri, 24 Nov 2023 08:17:49 GMT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Mn1QJ1Z4P6sWQMhBxvy2Y0A%2BFCG8h5vHR%2BTayY9iqdhnyIEcsc5FzS4Q4usHqlUMAezbV58v4yHxWapMU34hbK4nmfClU3W4SqonvA3Qnc7H97EVRDXkD4XSwKxCsbGnn5g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d4e28e1b518-OSL
alt-svc: h3=":443"; ma=86400
betterstudio.com/parsonsmaize/mulvane.js?gcb=195-0&cb=5
172.67.158.174 74 kB URL betterstudio.com/parsonsmaize/mulvane.js?gcb=195-0&cb=5
IP 172.67.158.174:0
File type gzip compressed data, from Unix\012- data
Hash 09968192977df7ad28b8e673960a14e7
feb9a56bde0c272b880bd315decc41c488d21c68
4bd19a1a6784dba710eefdba3ff54dae3ff1821227cc4067a905f93ae08034f6
GET /parsonsmaize/mulvane.js?gcb=195-0&cb=5 HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:22 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 676162
last-modified: Wed, 22 Nov 2023 07:59:00 GMT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jLJV86XdtwJh30EfIQ5VGLhVv0vhxKR7T%2BorC8fl0amGUXuzLQArES%2BeEZX8g9O1JnWHR7ohhF4uUD5itUDtPdMxxQGVreO4LFHwmyGCqsmIemMkNIusBW4eTdxmbCgaktY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d46fec3b518-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
bshr.ezodn.com/?did=368058&bf=30000&dc=1254144
172.64.136.15 51 kB URL bshr.ezodn.com/?did=368058&bf=30000&dc=1254144
IP 172.64.136.15:0
File type JSON data\012- , ASCII text, with very long lines (4837), with no line terminators
Hash 0013d822fdfa917295eb671934904509
ea7f8af47ba0ada2579bfd0055de6c83329e9d06
c45f199b62178fb3a5db2d01327232037f1b6f5606fcb04a696d1bea1ada5afa
GET /?did=368058&bf=30000&dc=1254144 HTTP/1.1
Host: bshr.ezodn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-PINGBACK: pingpong
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:22 GMT
content-type: application/json; charset=utf8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://betterstudio.com
access-control-max-age: 1728000
cache-control: private, max-age=1209600
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Sun, 12 Nov 2023 12:07:01 GMT
cf-cache-status: HIT
age: 1448721
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEZYe2uqfsXx3NrbNEE4px0Rd2MfvikaFgKNjr9q5FvWf5Z%2BbfNVuYNqjjAbhyQmU7%2FRJZjYHYLljGkdXAwKIQUgqMpBhAr7aZ1epeTNqUbMtTKbGjRDnCkA20L2r1cxmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d485c827768-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29667), with no line terminators
Hash 09aea7847e95bcc17e47b9bdff4e6686
bbd895e5947b247f55f960476950377d7be50c5b
9e99febfb7f347b1fee15afc9cc1f8955b706f1cf66c9c8487e6fd75752d7530
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64b7650629e58f4f7353df1cacfda59a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
g.ezodn.com/cmp/v2/v.js?v=4
172.64.136.15 1.7 kB URL g.ezodn.com/cmp/v2/v.js?v=4
IP 172.64.136.15:0
File type ASCII text, with very long lines (4651), with no line terminators
Hash 77304d2e4bf5f93eea562bc8d89abdeb
1edaa0e5232da58ba84f56c81d91518b9d16f71e
dce8ae752b8ed25d878707381a347b8889bfde191cd468eac141c5526a1f13dc
GET /cmp/v2/v.js?v=4 HTTP/1.1
Host: g.ezodn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
last-modified: Wed, 20 Sep 2023 17:04:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1381931
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=STavILHNDxBwV7lfzmnj5E8HwnU5AGC0Gpwz5b2VEni2f%2BVLbkt8tS69%2BPc0GRK%2FsjmTkCU9T%2FJ4%2FfJa5OY%2B60l1GaNAbBQ2YPlj6Gggtr9ZM1iBnzNpsmSRPjQaLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d448acb71de-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29655), with no line terminators
Hash 0c0092b2cebed9ffb104fec742d77359
376f257781b2b76bdf8f7025d13b03d909c5b702
4262e5cb0cc940a0d216b4713acd975e4968bf25ec6163b11598cc6c3502e5b7
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c9d93c94d48f5225b9652294ef32453b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
the.gatekeeperconsent.com/cmp/gvl.json?v=4&lang=en
104.21.28.48 71 kB URL the.gatekeeperconsent.com/cmp/gvl.json?v=4&lang=en
IP 104.21.28.48:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65514), with no line terminators
Hash d9a76a71d6066430609b18e2a077d7da
ccaf29517b4376727b5a6fd7ead6df946c6aa307
a3b15a44018d442497f2e89238c9d15d6176703bcfa0795d2c61027663f83b8b
GET /cmp/gvl.json?v=4&lang=en HTTP/1.1
Host: the.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:23 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=345600
last-modified: Mon, 27 Nov 2023 20:24:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 199442
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzWS1OTXBQd2CSApayoRwkPdX3cvGRSH6Lr80LJii2%2F4HNVWU5P3wjXXO78loGxuVNqvLyz3CM5GY1VQS1TqBcMwTqwi0DrFZL4Quja8amm55OXCAKEiNT7tEopD6IN58WNRMW1Mai1bY2VW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d5119e2b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29673), with no line terminators
Hash aabd21c5256351107ff4f7ccbfa50b5d
737e9111bcd68ac3d41f11f596d2aee8331bceb8
70a223794145c3e093343b3b7e06fe639b1de6bf01c3c1dc833a111a7bbf9d7f
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dcf87a324ad1f5b5b753259f0bfc1568
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explodemedicine.com/watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
192.243.59.12 0 B URL explodemedicine.com/watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
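Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the 0 B body means these hashes identify no payload)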
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1 HTTP/1.1
Host: explodemedicine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com
Access-Control-Allow-Origin: https://betterstudio.com
Access-Control-Allow-Credentials: true
Location: https://explodemedicine.com/watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=b0bcb88ae939164e3f38e0d4bd619159e5c131caa8e4dcc34c36984632ba10d3f4b5721ccc7d7a6f2a215c59ec3ef2fd76a99ce2eb7404fa7de1b684f0f949e3ad3051ea4378f3efd1adc2cc1e6e31ec5e16182760336e72e56566800c18f26768d4f6&pst=1701316164&rmtc=t
Set-Cookie: u_pl=20077069; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; expires=Thu, 30 Nov 2023 03:49:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76b4ddd1f679b7194a6f750564358f3b
Strict-Transport-Security: max-age=0; includeSubdomains
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29664), with no line terminators
Hash 927c5954a81bf4df78b73b35061ef14d
709a06107446a14a209f9b70955e9f160cd88b1a
5a2251711563bbf716ec4bdfeeeaf42f113547ebb1276967848d383e3e7a32dc
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db75f24c0cfba0b6b49f925f760b3cea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explodemedicine.com/07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js
192.243.59.12 15 kB URL explodemedicine.com/07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42799), with no line terminators
Hash 609a2203c4a2299cfadd0a8b052f1314
0478a5eb920e7260911d855198329d3ee194d6ef
43a3279bea24c0e5935e009e484d25a7eee03126df465747fa603540d522a348
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js HTTP/1.1
Host: explodemedicine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3459fa941dc1951ccc5b1fcdee3db104
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
explodemedicine.com/watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=b0bcb88ae939164e3f38e0d4bd619159e5c131caa8e4dcc34c36984632ba10d3f4b5721ccc7d7a6f2a215c59ec3ef2fd76a99ce2eb7404fa7de1b684f0f949e3ad3051ea4378f3efd1adc2cc1e6e31ec5e16182760336e72e56566800c18f26768d4f6&pst=1701316164&rmtc=t
192.243.59.12 2.1 kB URL explodemedicine.com/watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=b0bcb88ae939164e3f38e0d4bd619159e5c131caa8e4dcc34c36984632ba10d3f4b5721ccc7d7a6f2a215c59ec3ef2fd76a99ce2eb7404fa7de1b684f0f949e3ad3051ea4378f3efd1adc2cc1e6e31ec5e16182760336e72e56566800c18f26768d4f6&pst=1701316164&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text; HTML document, ASCII text, with very long lines (2661)
Hash 38db18d915e9766368bd59b797f79187
2aa90008f6b8fd8fcacd641e4c386185b771c961
c009fd2e44ca7f85682acaf3aa4d3c33ed9639cc19723faf026890ea64e71935
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1302500771339.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=b0bcb88ae939164e3f38e0d4bd619159e5c131caa8e4dcc34c36984632ba10d3f4b5721ccc7d7a6f2a215c59ec3ef2fd76a99ce2eb7404fa7de1b684f0f949e3ad3051ea4378f3efd1adc2cc1e6e31ec5e16182760336e72e56566800c18f26768d4f6&pst=1701316164&rmtc=t HTTP/1.1
Host: explodemedicine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
Referer: https://betterstudio.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com
Access-Control-Allow-Origin: https://betterstudio.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:24 GMT; secure; SameSite=None
iprc2f8791a1d113e24b1a98467ebad26dd6=3569806; expires=Thu, 30 Nov 2023 07:48:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8e7cd97d67b10d7c5f60ec8fe03d95a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29685), with no line terminators
Hash 6a93ac1b6857e623ef44b4a5316a92d4
b459a83a08d0cf780a289293e479c1ed97223466
4f98dd892ba8a163c37839596bc0d91b4179969551ab583bfe5370a18662bee5
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6843f43dee92c395498629ba1c4a1cb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
betterstudio.com/wp-content/plugins/affiliate-wp/assets/js/jquery.cookie.min.js?ver=1.4.0
172.67.158.174 6.1 kB URL betterstudio.com/wp-content/plugins/affiliate-wp/assets/js/jquery.cookie.min.js?ver=1.4.0
IP 172.67.158.174:0
File type gzip compressed data; data
Hash 346d759f8e7bb1b5464f919ec6160b38
fedc829f3cf7f8c7002642b6ee883706fbc4527d
a0d4095d1d20e94f6676fd95b57dcb0c69a117570c152f4575a7ad23d02dbecb
GET /wp-content/plugins/affiliate-wp/assets/js/jquery.cookie.min.js?ver=1.4.0 HTTP/1.1
Host: betterstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Cookie: ezoadgid_368058=-1; ezoref_368058=; ezosuibasgeneris-1=bd4e45c7-a250-44e0-51ed-fc9d6988da8d; ezoab_368058=mod256; active_template::368058=pub_site.1701316100; ezopvc_368058=1; ezepvv=36; lp_368058=https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/; ezovuuidtime_368058=1701316101; ezovuuid_368058=ff6f6fff-67a1-404e-78e4-e65cf0e9ece8; ezCMPCCS=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: application/javascript
cache-control: public, max-age=2592000
content-encoding: gzip
display: staticcontent_sol
etag: W/"605d74c0-683-gzip"
last-modified: Fri, 26 Mar 2021 05:44:32 GMT
response: 200
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-ezoic-cdn: Hit ds;ms;6c54f21d67f3f88e5a18eb1eb2f38e3f;2-368058-278;a86c1f95-1ebe-4b53-76d6-095dd9edc008
x-frame-options: SAMEORIGIN
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control: max-age=2592000
x-runcache-type: srcache
x-runcloud-srcache-fetch: BYPASS
x-runcloud-srcache-store: BYPASS
x-sol: pub_site
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 331306
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCTuCbWXHMAL4MDzp%2FcsJbntoR59JBTZmQCqebpxMAGCc%2FMpxvhKe3jEAXA8v%2Fwnh36jg%2BEr2hy6xNQNcoKK7m%2BDUHujxPPSG7%2FTMYpKLfXTQE919wcaLlRL%2F5A2IU4WIBjl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d439dbfb518-OSL
alt-svc: h3=":443"; ma=86400
wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
192.243.61.227 11 kB URL wokm8isd4zit.com/435ed28cdf2254a297d56d50667099cb/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29673), with no line terminators
Hash 066c0fb8a56453979c77a2b370f6ebd0
b1d524c97adefc3012054e759cdba0b8cb8acd35
6dda5bf0c0ac3e51733f44b76d4e54e5a43058f072688596244375fee3b4148e
GET /435ed28cdf2254a297d56d50667099cb/invoke.js HTTP/1.1
Host: wokm8isd4zit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f14ccb573e66fff57876ff1f5a9c901
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.10 144 kB URL cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced; data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:24 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 02 Dec 2023 03:48:24 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
vintageperk.com/07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js
173.233.137.52 15 kB URL vintageperk.com/07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (42847), with no line terminators
Hash 17b1189086645b48a85158c7ff924aa4
739fb6e6a4a6dd0e4763c68fd0f6b27f6e850fcb
7805ad5e1637fc80bf5f1952f4edcd494792b4a7642b8c644027e5db2292a2a3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /07/d8/f7/07d8f7f47a93604d7e5120d1880a3523.js HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd23ed8577d15681f980df04afbccb57
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vintageperk.com/watch.1379165685674.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=8fcff6856064fff27736e8dc14744511e0170edc717d74261a8d23a40c2c022f39785a2bf1123415b0bb2d5f5a0e6ddb1131551ca9dd64e18c81f057014b82abc05fb6dcd4b511a38f33fb1aa523f22dda2d77d83f96de0e0a519877b1920866b3aea7&pst=1701316164&rmtc=t
173.233.137.52 643 B URL vintageperk.com/watch.1379165685674.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=8fcff6856064fff27736e8dc14744511e0170edc717d74261a8d23a40c2c022f39785a2bf1123415b0bb2d5f5a0e6ddb1131551ca9dd64e18c81f057014b82abc05fb6dcd4b511a38f33fb1aa523f22dda2d77d83f96de0e0a519877b1920866b3aea7&pst=1701316164&rmtc=t
IP 173.233.137.52:0
File type HTML document text; HTML document, ASCII text, with very long lines (604)
Hash 2a255d9e40361af91e9df823a4c7e3a5
730e0d2ab062ff17010f481ac37b571bf461de4e
32db4183df34818df6caade9a84501ec580b7e4aee432b6a610f63cc1980a8c8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1379165685674.js?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&shu=8fcff6856064fff27736e8dc14744511e0170edc717d74261a8d23a40c2c022f39785a2bf1123415b0bb2d5f5a0e6ddb1131551ca9dd64e18c81f057014b82abc05fb6dcd4b511a38f33fb1aa523f22dda2d77d83f96de0e0a519877b1920866b3aea7&pst=1701316164&rmtc=t HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
Referer: https://betterstudio.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com
Access-Control-Allow-Origin: https://betterstudio.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:24 GMT; secure; SameSite=None
iprc992fa95342a2d95a6b036aae98f915f2=2717340; expires=Fri, 01 Dec 2023 05:48:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 65a8a08edbdda7f05fd1fdf6a7d753ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
banquetunarmedgrater.com/advertisers.js
172.67.219.12 0 B URL banquetunarmedgrater.com/advertisers.js
IP 172.67.219.12:0
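Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the 0 B body means these hashes identify no payload)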
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:25 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: e0c56f64194012fd585b60317a5bb4a8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 30 Nov 2023 03:48:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=boC0HJaUyL0xcKb0MR0HqeiC0sNBak1ae9Hkco9YRZNneuKj181k43ZSvCHcLWBAZoVJEz0PWd57iY9UWULvW5Vp2uCR8DYGS%2FGkpuKCb6UfosbiFEi5EBhGla06wNFgyenPJZk1AVZrpM8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d58b9a2712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
privacy.gatekeeperconsent.com/tcf2_stub.js
172.67.144.62 14 kB URL privacy.gatekeeperconsent.com/tcf2_stub.js
IP 172.67.144.62:0
File type ASCII text, with very long lines (1127), with no line terminators
Hash 2077ac96432bf99cc1ea7ca15161d605
ea356f246f2255a9ad45d96df40a6ee21dafb4f5
86e721bb96c71af08a282151a6246606d325447fc603947cffb628265d7509be
GET /tcf2_stub.js HTTP/1.1
Host: privacy.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:21 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=15780000, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flZOlfZI1fhq9D8Hd73dYVb%2FzmHWYmXOiJxelnsRDg20eEcRA2MI1mOEUkRep2sEibrwMaHeFV7FLlLk0%2FEBCNmO28zn7kA2mVWWGB8o9J8Ysgh5kL%2BaVnKVSKAYozySLO6t8PN%2Fq3oJNJguXNch1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d439c75b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
shamelessgoodwill.com/watch.523085538270?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
173.233.137.52 1.5 kB URL shamelessgoodwill.com/watch.523085538270?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
IP 173.233.137.52:0
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (1100)
Hash bf846a422004a47690943b2fb050a5d4
9d0491208645bd8065f8ebca0787ef114f8f96de
b78bfbe6ee0d8be2ea890489fbe38783a40c6558c230e8e867abbd4e3d12c1b1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.523085538270?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1 HTTP/1.1
Host: shamelessgoodwill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=20077069; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDA3NzA2OSwiayI6IjQzNWVkMjhjZGYyMjU0YTI5N2Q1NmQ1MDY2NzA5OWNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyODAyMzg4LCJwaWQiOjExMTMwNzMsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJ2N3ljaWl5NyIsImNwa3MiOnsiMjgiOiI4NjJkY2E3OWMyODAwMmI4MTUxZmY5YTFjMzdiZWE3YSIsIjI5IjoiMDdkOGY3ZjQ3YTkzNjA0ZDdlNTEyMGQxODgwYTM1MjMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmV0dGVyc3R1ZGlvLmNvbS93b3JkcHJlc3MtcGx1Z2lucy9iZXN0LXdvcmRwcmVzcy1nZW90YXJnZXRpbmctZ2VvbG9jYXRpb24tcGx1Z2lucy8ifX0.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; expires=Thu, 30 Nov 2023 03:49:25 GMT; secure; SameSite=None
uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e0b90e0c6c9052f837b7f64a8520880a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sensualtestresume.com/watch.1683870018281?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
192.243.59.12 1.5 kB URL sensualtestresume.com/watch.1683870018281?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (1104)
Hash 16715505a435c14fde83e8b818e73d7e
5ecc0e68c4020936f39b8c3bfb37096e1d119441
acb7794e94ceceff3526baf54177d64350cf593cded1b579b1aead2e5274de31
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1683870018281?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=20077069; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDA3NzA2OSwiayI6IjQzNWVkMjhjZGYyMjU0YTI5N2Q1NmQ1MDY2NzA5OWNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyODAyMzg4LCJwaWQiOjExMTMwNzMsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJ2N3ljaWl5NyIsImNwa3MiOnsiMjgiOiI4NjJkY2E3OWMyODAwMmI4MTUxZmY5YTFjMzdiZWE3YSIsIjI5IjoiMDdkOGY3ZjQ3YTkzNjA0ZDdlNTEyMGQxODgwYTM1MjMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmV0dGVyc3R1ZGlvLmNvbS93b3JkcHJlc3MtcGx1Z2lucy9iZXN0LXdvcmRwcmVzcy1nZW90YXJnZXRpbmctZ2VvbG9jYXRpb24tcGx1Z2lucy8ifX0.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; expires=Thu, 30 Nov 2023 03:49:25 GMT; secure; SameSite=None
uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9544e002ffc7014f04a6c4df47edbc6b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
marecreateddew.com/watch.1236729777659?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
192.243.61.225 1.5 kB URL marecreateddew.com/watch.1236729777659?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1104)
Hash 433e756e1a6bcd2d90b7f1d4af51f358
d8a896adbd3eeb76e2628967ba44e372d689e145
800aafe21d2fcfb93804994edb383e39d0cb195ec1f4da382fa819cf633b41f6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1236729777659?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1 HTTP/1.1
Host: marecreateddew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=20077069; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDA3NzA2OSwiayI6IjQzNWVkMjhjZGYyMjU0YTI5N2Q1NmQ1MDY2NzA5OWNiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyODAyMzg4LCJwaWQiOjExMTMwNzMsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJ2N3ljaWl5NyIsImNwa3MiOnsiMjgiOiI4NjJkY2E3OWMyODAwMmI4MTUxZmY5YTFjMzdiZWE3YSIsIjI5IjoiMDdkOGY3ZjQ3YTkzNjA0ZDdlNTEyMGQxODgwYTM1MjMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmV0dGVyc3R1ZGlvLmNvbS93b3JkcHJlc3MtcGx1Z2lucy9iZXN0LXdvcmRwcmVzcy1nZW90YXJnZXRpbmctZ2VvbG9jYXRpb24tcGx1Z2lucy8ifX0.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; expires=Thu, 30 Nov 2023 03:49:25 GMT; secure; SameSite=None
uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2a96fb0d334beb07513b9dcfa0d87ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
overwhelmfarrier.com/sbar.json?key=07d8f7f47a93604d7e5120d1880a3523&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
173.233.137.36 4.3 kB URL overwhelmfarrier.com/sbar.json?key=07d8f7f47a93604d7e5120d1880a3523&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (6104), with no line terminators
Hash d220e08657bc4fba76d6ebfa12a4072e
1826291e79e0d56ab5271e5d310fef69f26bd5cf
4c5f964b7f58fdb762bf846f9cbda91328effbebc2a4bd7f6eb8e01351ee250a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=07d8f7f47a93604d7e5120d1880a3523&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1 HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com
Access-Control-Allow-Origin: https://betterstudio.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=20679165; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
slec07d8f7f47a93604d7e5120d1880a3523=[4691073]; expires=Thu, 30 Nov 2023 03:48:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fdfca193e21f7b4b38411d4cfbc5f8c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
shamelessgoodwill.com/api/users?token=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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
173.233.137.52 1.8 kB URL shamelessgoodwill.com/api/users?token=L3dhdGNoLjUyMzA4NTUzODI3MD9kZXY9ZSZrZXk9NDM1ZWQyOGNkZjIyNTRhMjk3ZDU2ZDUwNjY3MDk5Y2Ima3c9JTVCJTI2cXVvdCUzQjglMjZxdW90JTNCJTJDJTI2cXVvdCUzQmJlc3QlMjZxdW90JTNCJTJDJTI2cXVvdCUzQndvcmRwcmVzcyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZ2VvdGFyZ2V0aW5nJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JnZW9sb2NhdGlvbiUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcGx1Z2lucyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCMjAyMyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZnJlZSUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcHJvJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0ItJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JiZXR0ZXJzdHVkaW8lMjZxdW90JTNCJTVEJnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRndvcmRwcmVzcy1wbHVnaW5zJTJGYmVzdC13b3JkcHJlc3MtZ2VvdGFyZ2V0aW5nLWdlb2xvY2F0aW9uLXBsdWdpbnMlMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05NmY0NGQ3ZTJmMjUyMjAzN2MyNTM3MTljODNmOGQ1NjcxODAzNGM3YTYxOGQ4NDc3YmUyNDU2ZDgyM2UzNjJlYzQ0MWQ1NzA2ZWFiOGI3YTA3YzYzNWExODAzNDFhZDk2NWM2NmI3NGEzNmIzMGVhYjZiOGNiMjA1YmIwMDE3MmUxNGExZWFkYTlkMTVjOWQ1OWE1YWQ1YThjOTk3ZTA3NDczOWU1NTJhZGNkMjk0ZWJiODdhOWNmMDFkMiZ0ej0wJnV1aWQ9OGVkZTBkM2YtODVhZC00ZDExLTljNzAtY2MyMDExYWVkZmZiJTNBMyUzQTE%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2518)
Hash 41103915d301ee7537fea6d845cd3fc4
1cedffe7b3c64d23cc44f912b515707159910c1d
3aff5139f29a4f0c671c54ec02a63b2152150ccee3a2751d2ec2a9e716b19795
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false HTTP/1.1
Host: shamelessgoodwill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shamelessgoodwill.com/watch.523085538270?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Origin: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 99668244dc3cb219a51f2ca0fb28d83e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tournamentfosterchild.com/api/users?token=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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
173.233.137.52 1.8 kB URL tournamentfosterchild.com/api/users?token=L3dhdGNoLjk0NzE0NjgxNzAyOT9kZXY9ZSZrZXk9NDM1ZWQyOGNkZjIyNTRhMjk3ZDU2ZDUwNjY3MDk5Y2Ima3c9JTVCJTI2cXVvdCUzQjglMjZxdW90JTNCJTJDJTI2cXVvdCUzQmJlc3QlMjZxdW90JTNCJTJDJTI2cXVvdCUzQndvcmRwcmVzcyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZ2VvdGFyZ2V0aW5nJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JnZW9sb2NhdGlvbiUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcGx1Z2lucyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCMjAyMyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZnJlZSUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcHJvJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0ItJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JiZXR0ZXJzdHVkaW8lMjZxdW90JTNCJTVEJnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRndvcmRwcmVzcy1wbHVnaW5zJTJGYmVzdC13b3JkcHJlc3MtZ2VvdGFyZ2V0aW5nLWdlb2xvY2F0aW9uLXBsdWdpbnMlMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02YzZjMzhkNDRiMjA3MTliMzcyZDk1ZGE3YTYxNjMxOWIyMjhmYmY1ZjE3NDZlNTdiYjhhM2ZkYjI3NzhmMzU2Zjk4NmIyZjVlNjFlMzFiZWM3OTJjNGNmOGQzYWUwNzU4NmZkMmRiYWQ1MDc3MTM4OWFhZDQ2ODMyMThiODJkMjMxOGFkMmVkMTAwZWYyZjk3ZTRjYzA4NmFhZjM0YjQ3NWUxOGM2YzU2Yzg3YTE4NzY0YjNjODU0MjZhNSZ0ej0wJnV1aWQ9OGVkZTBkM2YtODVhZC00ZDExLTljNzAtY2MyMDExYWVkZmZiJTNBMyUzQTE%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2561)
Hash 40605960f31c94a630615e111d9e8a17
f36290e9ae3997aba8727c7726155a2c5599bfcd
0ab93c3ef5d6e9cdac38123bd05fee3c967383a5f87d6f14b44beee4e3e87473
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3dhdGNoLjk0NzE0NjgxNzAyOT9kZXY9ZSZrZXk9NDM1ZWQyOGNkZjIyNTRhMjk3ZDU2ZDUwNjY3MDk5Y2Ima3c9JTVCJTI2cXVvdCUzQjglMjZxdW90JTNCJTJDJTI2cXVvdCUzQmJlc3QlMjZxdW90JTNCJTJDJTI2cXVvdCUzQndvcmRwcmVzcyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZ2VvdGFyZ2V0aW5nJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JnZW9sb2NhdGlvbiUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcGx1Z2lucyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCMjAyMyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCZnJlZSUyNnF1b3QlM0IlMkMlMjZxdW90JTNCcHJvJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0ItJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JiZXR0ZXJzdHVkaW8lMjZxdW90JTNCJTVEJnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRndvcmRwcmVzcy1wbHVnaW5zJTJGYmVzdC13b3JkcHJlc3MtZ2VvdGFyZ2V0aW5nLWdlb2xvY2F0aW9uLXBsdWdpbnMlMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02YzZjMzhkNDRiMjA3MTliMzcyZDk1ZGE3YTYxNjMxOWIyMjhmYmY1ZjE3NDZlNTdiYjhhM2ZkYjI3NzhmMzU2Zjk4NmIyZjVlNjFlMzFiZWM3OTJjNGNmOGQzYWUwNzU4NmZkMmRiYWQ1MDc3MTM4OWFhZDQ2ODMyMThiODJkMjMxOGFkMmVkMTAwZWYyZjk3ZTRjYzA4NmFhZjM0YjQ3NWUxOGM2YzU2Yzg3YTE4NzY0YjNjODU0MjZhNSZ0ej0wJnV1aWQ9OGVkZTBkM2YtODVhZC00ZDExLTljNzAtY2MyMDExYWVkZmZiJTNBMyUzQTE%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false HTTP/1.1
Host: tournamentfosterchild.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tournamentfosterchild.com/watch.947146817029?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Origin: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d5480da0f6365bfcc1e9112f61fac12
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20077069
192.243.59.13 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20077069
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (480)
Hash 39944236f3c13835c60ebeb54056ef57
4e115f61fce8977771efe944bdc8661e4ff2bddd
52102e7276f79bad970ccd5995ac5436309251d6899c136ae7bb5ebe05a43c94
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=20077069 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Fri, 01 Dec 2023 03:48:25 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.ogyVJG6fNzYDHwbJi2C_5vUoIuJKqQHBPRJmvl-qrRM; expires=Thu, 30 Nov 2023 03:49:25 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3a70307c48319bc17db8b8905b9ad8bc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sensualtestresume.com/api/users?token=L3dhdGNoLjE2ODM4NzAwMTgyODE_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
192.243.59.12 1.8 kB URL sensualtestresume.com/api/users?token=L3dhdGNoLjE2ODM4NzAwMTgyODE_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2518)
Hash 75d204f9d60b1db110b799726aee1d24
0bd78d1caf5821aa8f76102ad6c7f995fc2cbd64
6e8dfe386be3370e59697a53d399cdeeab49b6a637ff09470ec276f53cb8b4f6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3dhdGNoLjE2ODM4NzAwMTgyODE_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sensualtestresume.com/watch.1683870018281?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Origin: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cbc6a70485c9cfa81f363952ddef7736
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg
45.133.44.10 72 kB URL cdn.cloudimagesb.com/bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash 6558c1b066d51ae9dcd0fb710976fd47
1b8b413e0f86a8fbcac1fd51498d53c1d252716a
48fb2ec1ca6adf7bfb49073cd801e7333777ba7a77cf434887bcb782e22ea11c
GET /bi/af/b7/8e/afb78e9e9caab125658a6c150ba489b1/1688139489.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shamelessgoodwill.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:25 GMT
content-type: image/jpeg
content-length: 72442
server: nginx/1.21.6
last-modified: Fri, 30 Jun 2023 15:38:18 GMT
etag: "649ef6ea-11afa"
expires: Sat, 02 Dec 2023 03:48:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
overwhelmfarrier.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHqzdREBVU9uJBmIPgZybV87Ez4x6C65oQjEncXclNrK6qnpSp7mqquqcnczG6IOttBA8eO%2F%2FJhx9L2L0uyMrEiwSEHQXJwYhnL4qwFxFkkoHgO%2FR7r3%2Fv8P7%2FV59sZyeEImPHq2%2BbntKazdbLtPTimoqFyV1p%2BUbJp2V6ubSm4ku1y6Xu%2BGM7r%2Fm0XqYvlRYk3zCzFepT6lO%2FNK%2BsDE139pRCJbdbfrlFy7VK2a%2FX0LX%2F713mwTEPonNCnoESo0fWf7gLxYeIoztXpdtITfLqm1GmWWosOmL%2F3XgjNnmM6LwMrYcw3p9Mw7gRIV9cgIn3JwpgOjtjBQjUiHi%2F%2BAji%2FcmaCDq7Z5sGGjJGIB5H3hlC6iEUG4Kbm1DiAQG4wPIK4mhv2dicbZ5RNqYjMv3wb6h8RKZ%2FvYg4OriiVbd03egsVSZ26IYFVHcI1R4iyQ6R9jyo%2FBA8%2FRhK%2FEhmHy4hjnZWnDZQ4vj5phSSimo406wzMVMTvj%2FT4g06w3mF%2Bj6TIgyDU4uUGkKFQ2jZB3NTyJyHTHnIQg9Z4iESxyVWb4WUNsIgrFabNc55tcp5vXlJ1EW11gwpMj7W0Eea9MF1H9xuIbFb2FB92Ow7uPUCTkzBpSPivfMhOqJALglyR5AzglwR5ClB3il2hXYVV%2BwJ7bLAn%2BTKJFeLgUnb22zXpG0Zk%2B3khDw9Ns%2B7%2FOm%2F2JDHJdoQzbAR1hqsVb1Ea6Ih636FCr%2FZpKxar1ThVAHlLoA5Dz01Ii8Pf0aiRuSpf%2F5CwA7h9CG4mgLLngPLB40KBVsf1JoUvfhOINNUWpdmQpkyNxGEKZCk00g3vW19Qp49PeTC5x9B8qO5Pw4u9n5fOAC3BRJb4AP1PUFb3xpcMznZuWZyR%2B6uJKmKVI%2BNj3w9Zamc%2FvotuZkbKxavuv5Xr%2FMxGJe3b0iXLrFYqLjtyDdXlBDSzhvLJfl20a3JYDVz61cyG2fJ0uob84tRYqVzysRDMPXg%2FfvgakSe3Js7fb4vfHkPyg5hswJRdkQmAWUOwZMtuORo7rdXLjyxeO89OENg9flMkHjIs2JgK8H5T60ItDzvWVDAyXMLAnl0%2F88ztu1uoW09sPQm4qhAxxbo6AJM9%2BGyqUGa2KO5n6qngUB7g0BbbyfQVn92Zq1TxyVZD2koaUUGYSsIG4yKVlhrBazly0ZQZz5SN5Lrjz72HwAAAP%2F%2FAQAA%2F%2F%2FY17tUlgQAAA%3D%3D
173.233.137.36 7 B URL overwhelmfarrier.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHqzdREBVU9uJBmIPgZybV87Ez4x6C65oQjEncXclNrK6qnpSp7mqquqcnczG6IOttBA8eO%2F%2FJhx9L2L0uyMrEiwSEHQXJwYhnL4qwFxFkkoHgO%2FR7r3%2Fv8P7%2FV59sZyeEImPHq2%2BbntKazdbLtPTimoqFyV1p%2BUbJp2V6ubSm4ku1y6Xu%2BGM7r%2Fm0XqYvlRYk3zCzFepT6lO%2FNK%2BsDE139pRCJbdbfrlFy7VK2a%2FX0LX%2F713mwTEPonNCnoESo0fWf7gLxYeIoztXpdtITfLqm1GmWWosOmL%2F3XgjNnmM6LwMrYcw3p9Mw7gRIV9cgIn3JwpgOjtjBQjUiHi%2F%2BAji%2FcmaCDq7Z5sGGjJGIB5H3hlC6iEUG4Kbm1DiAQG4wPIK4mhv2dicbZ5RNqYjMv3wb6h8RKZ%2FvYg4OriiVbd03egsVSZ26IYFVHcI1R4iyQ6R9jyo%2FBA8%2FRhK%2FEhmHy4hjnZWnDZQ4vj5phSSimo406wzMVMTvj%2FT4g06w3mF%2Bj6TIgyDU4uUGkKFQ2jZB3NTyJyHTHnIQg9Z4iESxyVWb4WUNsIgrFabNc55tcp5vXlJ1EW11gwpMj7W0Eea9MF1H9xuIbFb2FB92Ow7uPUCTkzBpSPivfMhOqJALglyR5AzglwR5ClB3il2hXYVV%2BwJ7bLAn%2BTKJFeLgUnb22zXpG0Zk%2B3khDw9Ns%2B7%2FOm%2F2JDHJdoQzbAR1hqsVb1Ea6Ih636FCr%2FZpKxar1ThVAHlLoA5Dz01Ii8Pf0aiRuSpf%2F5CwA7h9CG4mgLLngPLB40KBVsf1JoUvfhOINNUWpdmQpkyNxGEKZCk00g3vW19Qp49PeTC5x9B8qO5Pw4u9n5fOAC3BRJb4AP1PUFb3xpcMznZuWZyR%2B6uJKmKVI%2BNj3w9Zamc%2FvotuZkbKxavuv5Xr%2FMxGJe3b0iXLrFYqLjtyDdXlBDSzhvLJfl20a3JYDVz61cyG2fJ0uob84tRYqVzysRDMPXg%2FfvgakSe3Js7fb4vfHkPyg5hswJRdkQmAWUOwZMtuORo7rdXLjyxeO89OENg9flMkHjIs2JgK8H5T60ItDzvWVDAyXMLAnl0%2F88ztu1uoW09sPQm4qhAxxbo6AJM9%2BGyqUGa2KO5n6qngUB7g0BbbyfQVn92Zq1TxyVZD2koaUUGYSsIG4yKVlhrBazly0ZQZz5SN5Lrjz72HwAAAP%2F%2FAQAA%2F%2F%2FY17tUlgQAAA%3D%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHqzdREBVU9uJBmIPgZybV87Ez4x6C65oQjEncXclNrK6qnpSp7mqquqcnczG6IOttBA8eO%2F%2FJhx9L2L0uyMrEiwSEHQXJwYhnL4qwFxFkkoHgO%2FR7r3%2Fv8P7%2FV59sZyeEImPHq2%2BbntKazdbLtPTimoqFyV1p%2BUbJp2V6ubSm4ku1y6Xu%2BGM7r%2Fm0XqYvlRYk3zCzFepT6lO%2FNK%2BsDE139pRCJbdbfrlFy7VK2a%2FX0LX%2F713mwTEPonNCnoESo0fWf7gLxYeIoztXpdtITfLqm1GmWWosOmL%2F3XgjNnmM6LwMrYcw3p9Mw7gRIV9cgIn3JwpgOjtjBQjUiHi%2F%2BAji%2FcmaCDq7Z5sGGjJGIB5H3hlC6iEUG4Kbm1DiAQG4wPIK4mhv2dicbZ5RNqYjMv3wb6h8RKZ%2FvYg4OriiVbd03egsVSZ26IYFVHcI1R4iyQ6R9jyo%2FBA8%2FRhK%2FEhmHy4hjnZWnDZQ4vj5phSSimo406wzMVMTvj%2FT4g06w3mF%2Bj6TIgyDU4uUGkKFQ2jZB3NTyJyHTHnIQg9Z4iESxyVWb4WUNsIgrFabNc55tcp5vXlJ1EW11gwpMj7W0Eea9MF1H9xuIbFb2FB92Ow7uPUCTkzBpSPivfMhOqJALglyR5AzglwR5ClB3il2hXYVV%2BwJ7bLAn%2BTKJFeLgUnb22zXpG0Zk%2B3khDw9Ns%2B7%2FOm%2F2JDHJdoQzbAR1hqsVb1Ea6Ih636FCr%2FZpKxar1ThVAHlLoA5Dz01Ii8Pf0aiRuSpf%2F5CwA7h9CG4mgLLngPLB40KBVsf1JoUvfhOINNUWpdmQpkyNxGEKZCk00g3vW19Qp49PeTC5x9B8qO5Pw4u9n5fOAC3BRJb4AP1PUFb3xpcMznZuWZyR%2B6uJKmKVI%2BNj3w9Zamc%2FvotuZkbKxavuv5Xr%2FMxGJe3b0iXLrFYqLjtyDdXlBDSzhvLJfl20a3JYDVz61cyG2fJ0uob84tRYqVzysRDMPXg%2FfvgakSe3Js7fb4vfHkPyg5hswJRdkQmAWUOwZMtuORo7rdXLjyxeO89OENg9flMkHjIs2JgK8H5T60ItDzvWVDAyXMLAnl0%2F88ztu1uoW09sPQm4qhAxxbo6AJM9%2BGyqUGa2KO5n6qngUB7g0BbbyfQVn92Zq1TxyVZD2koaUUGYSsIG4yKVlhrBazly0ZQZz5SN5Lrjz72HwAAAP%2F%2FAQAA%2F%2F%2FY17tUlgQAAA%3D%3D HTTP/1.1
Host: overwhelmfarrier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Cookie: u_pl=20679165; uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13ab97bb023318c5eca8a5d7806d5053
Strict-Transport-Security: max-age=0; includeSubdomains
marecreateddew.com/api/users?token=L3dhdGNoLjEyMzY3Mjk3Nzc2NTk_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
192.243.61.225 1.8 kB URL marecreateddew.com/api/users?token=L3dhdGNoLjEyMzY3Mjk3Nzc2NTk_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2528)
Hash 6f2e9a602d0f3663ddac13634b1d008f
80457014c5ad8f03724e11ddeaa7e4a1580976e7
da81eea45570052991530d709932f52ae3cbe25ffa1314d6c56a94398fa9ef95
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3dhdGNoLjEyMzY3Mjk3Nzc2NTk_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%3D&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1&pii=&in=false HTTP/1.1
Host: marecreateddew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://marecreateddew.com/watch.1236729777659?key=435ed28cdf2254a297d56d50667099cb&kw=%5B%228%22%2C%22best%22%2C%22wordpress%22%2C%22geotargeting%22%2C%22geolocation%22%2C%22plugins%22%2C%222023%22%2C%22free%22%2C%22pro%22%2C%22-%22%2C%22betterstudio%22%5D&refer=https%3A%2F%2Fbetterstudio.com%2Fwordpress-plugins%2Fbest-wordpress-geotargeting-geolocation-plugins%2F&tz=0&dev=e&res=14.3095&uuid=8ede0d3f-85ad-4d11-9c70-cc2011aedffb%3A3%3A1
Cookie: u_pl=20077069; ain=eyJhbGciOiJIUzI1NiJ9.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.wVrHc-pqfHYJiC20ECG-otkXlB1z368n9_aPyozwHcY; uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Origin: https://betterstudio.com/wordpress-plugins/best-wordpress-geotargeting-geolocation-plugins/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8ede0d3f-85ad-4d11-9c70-cc2011aedffb:3:1; expires=Thu, 07 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 01 Dec 2023 03:48:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa83a73bd1605bf63e0005d16a562abf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwMDc3MDY5JnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRiZybXRjPXQmc2h1PWI2OGRlMWRkMjUzOTg4MDBiYTU3NTA3YjY0YWI1ZTE1NWE2YzBlNWQzZjBjMWM5MmRlZTM4Njg3YmJjNjhmOTIyNWFhNTlmNGZiZTQyMWMwMDVlMTFjNjNmMDg0ODMwODZlNjlhMjkzYWMxMzYwMjM4ODY5N2Q1NWRlMTUzNDUzZTBkMzIyZDkxZDdmMWQyMWIwODQxMDVhODRjYWI5OGNiYTk5ZWIzNjkxYmY2MzExYmIxZjkzMDFiYjQxM2M%3D&uuid=&pii=&in=false
192.243.59.12 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwMDc3MDY5JnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRiZybXRjPXQmc2h1PWI2OGRlMWRkMjUzOTg4MDBiYTU3NTA3YjY0YWI1ZTE1NWE2YzBlNWQzZjBjMWM5MmRlZTM4Njg3YmJjNjhmOTIyNWFhNTlmNGZiZTQyMWMwMDVlMTFjNjNmMDg0ODMwODZlNjlhMjkzYWMxMzYwMjM4ODY5N2Q1NWRlMTUzNDUzZTBkMzIyZDkxZDdmMWQyMWIwODQxMDVhODRjYWI5OGNiYTk5ZWIzNjkxYmY2MzExYmIxZjkzMDFiYjQxM2M%3D&uuid=&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIwMDc3MDY5JnBzdD0xNzAxMzE2MTY1JnJlZmVyPWh0dHBzJTNBJTJGJTJGYmV0dGVyc3R1ZGlvLmNvbSUyRiZybXRjPXQmc2h1PWI2OGRlMWRkMjUzOTg4MDBiYTU3NTA3YjY0YWI1ZTE1NWE2YzBlNWQzZjBjMWM5MmRlZTM4Njg3YmJjNjhmOTIyNWFhNTlmNGZiZTQyMWMwMDVlMTFjNjNmMDg0ODMwODZlNjlhMjkzYWMxMzYwMjM4ODY5N2Q1NWRlMTUzNDUzZTBkMzIyZDkxZDdmMWQyMWIwODQxMDVhODRjYWI5OGNiYTk5ZWIzNjkxYmY2MzExYmIxZjkzMDFiYjQxM2M%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.ogyVJG6fNzYDHwbJi2C_5vUoIuJKqQHBPRJmvl-qrRM; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Thu, 30 Nov 2023 03:48:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fd5322e65f2c3aa019cbfac07b08c24&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprc9b08c91eb6a55a7690be80647016dff7=4641329; expires=Fri, 01 Dec 2023 03:48:26 GMT
pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:26 GMT
uncs=1; expires=Fri, 01 Dec 2023 03:48:26 GMT
pdhtkv28=true; expires=Fri, 01 Dec 2023 03:48:26 GMT
uncs28=1; expires=Fri, 01 Dec 2023 03:48:26 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d51580ff9af1d5b9ddd88338e377e235
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fd5322e65f2c3aa019cbfac07b08c24&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fd5322e65f2c3aa019cbfac07b08c24&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fd5322e65f2c3aa019cbfac07b08c24&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Thu, 30 Nov 2023 03:48:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9ejgm8p1z; expires=Fri, 01-Dec-2023 03:48:27 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9ejgm8p1z-h9ejgm8p1z-hq1m-0-q5a4bl-ftxofe-ft8pdz-9ab2ab; expires=Fri, 01-Dec-2023 03:48:27 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660
172.67.205.133 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660
IP 172.67.205.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 30 Nov 2023 03:48:27 GMT
content-length: 0
location: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=fe88050e-3de6-4f5b-827f-ff706a681b7c; expires=Sun, 30 Nov 2025 03:48:27 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SU3PkS6SDozrQpugrsilZRPqvfZeYO5HckvPl2zkB6%2BFKC4IZRnPU6sDEX6q1AxjkADByxpdW8zMcdgKwpo7Wx271Oiez9ptwd2AV0C3omVWz5jEbYs1prt0L79OxkA1z6adDEmpMg0q4qVp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d668e7056af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.veinmaster.top/eyes-robot/assets/1.png
104.21.3.144 11 kB URL vvfal.veinmaster.top/eyes-robot/assets/1.png
IP 104.21.3.144:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:27 GMT
content-type: image/png
content-length: 10591
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
etag: "65644f17-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3042
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9KxJH%2BsYRG4G%2FfS%2F4dIXmpTb7Wi%2BfRyfBHgYp6c73DQISq%2FSqfxG33tTq6MfCnrJEYY7gxAC76eX27uq%2FUvqmTBnpRD%2B6A0mCHZjpwclWQYa9jBAQra90Jrn5Mdci2sg2Wlr0XZE7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d685df556a9-OSL
alt-svc: h3=":443"; ma=86400
vvfal.veinmaster.top/eyes-robot/assets/2.png
104.21.3.144 1.1 kB URL vvfal.veinmaster.top/eyes-robot/assets/2.png
IP 104.21.3.144:0
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /eyes-robot/assets/2.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:27 GMT
content-type: image/png
content-length: 1061
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
etag: "65644f17-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3042
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFbgVolUdfrnoJRkBUM43g9aOPYVLO9zcq5iz2ZCXs1ZS65Bzi9XfP5ITOOwmBHTNU0n6mH6EtThM5ZkFp5KvWNa20XNmatAwL6Mh1V4%2Fq9SSLfzzc0z5zou2i%2FWjHwwPwI67f0ZMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d685df656a9-OSL
alt-svc: h3=":443"; ma=86400
vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
104.21.3.144 13 kB URL vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
IP 104.21.3.144:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 676bda11344b80429881cb1da5d3c12b
6cf077b09a1f1acbdaab9c1f649428ab152c468b
a7c437eb2c0783165f417fc89a9bb8196b9f24a1099aedc682e1238ac57d2823
GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:27 GMT
content-type: text/html
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FeMjinUE3GuCI5GMAMRDH7vNfK2UZdgbcfXMcgff5ZHlFWhgL2ESmzM8Lb8k%2FDI5dRfaD8pJgkhxeoLVMOF9KK6i6VIFgJaFIZFVOUQr2yW%2FZoDEjOlrYT4fq8ZYwOtfv7oYPskVeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d674f125693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.veinmaster.top/favicon.ico
104.21.3.144 0 B URL vvfal.veinmaster.top/favicon.ico
IP 104.21.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 30 Nov 2023 03:48:27 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3042
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=etg%2F98ALmv8OAUDY27nRzx9B%2F1OYBUj1XIlXy1G7fZAqfDmCceEcv5MAw45hUxe1egXqucZqIn1BcEvhKwmmDc68Uesd%2FBVS9fUYKYqyrd1xxkSP1PQglR9OfpZX5Oo5T8wYKoCowA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d695e2356a9-OSL
alt-svc: h3=":443"; ma=86400
cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
104.21.3.144 9.5 kB URL cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP 104.21.3.144:0
File type ASCII text, with CRLF line terminators
Hash 512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a
GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Cookie: __psu=21660632-4f0e-417a-bfa0-9c84ef07508a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:27 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPJ092v8W4xTzkynr4FgH%2Bvfd6YRwcccRNpHhXW4JleHXhtIQ3i3pQunDnHWULF%2B2RQcKKw1k4NmnD%2FWhqWo3c7irAGJAsJscXvbfuRjdrCkNrVbf00lWBDqsoTDnWW5CgnDnuqEwj1NfUQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d697e2956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 05:05:31 GMT
expires: Fri, 22 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 600176
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.veinmaster.top/eyes-robot/assets/1.png
104.21.3.144 11 kB URL a.veinmaster.top/eyes-robot/assets/1.png
IP 104.21.3.144:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:28 GMT
content-type: image/png
content-length: 10591
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
etag: "65644f17-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 792
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahiheIOYjyXXGCZ96CwkQakfNKt%2FaRnrZYkOsGePWeALMw5bHUilvJktQBN5pViXCxPZs1m40yCAsGnh%2FVKquQFi7X6mga1OjWUq19k5RsC7i0MLCxYGNHIzaetNokOjDLo4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d6b7e9956a9-OSL
alt-svc: h3=":443"; ma=86400
a.veinmaster.top/eyes-robot/assets/2.png
104.21.3.144 1.1 kB URL a.veinmaster.top/eyes-robot/assets/2.png
IP 104.21.3.144:0
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /eyes-robot/assets/2.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:28 GMT
content-type: image/png
content-length: 1061
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
etag: "65644f17-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4100
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kSa7u4Tsw2ri%2B9xRaGJ5v7haUeP9wf7k45l8fLn1d0hq0sVjQbcjsdLu4cPARr%2FspuCTJL9lVBCQDQ350k%2BhLE7fQwMIqnVvEFnMIPFexBfyz0K0eW0vFI%2BZg0ze7f8V480N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d6b7e9e56a9-OSL
alt-svc: h3=":443"; ma=86400
a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
104.21.3.144 13 kB URL a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
IP 104.21.3.144:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 676bda11344b80429881cb1da5d3c12b
6cf077b09a1f1acbdaab9c1f649428ab152c468b
a7c437eb2c0783165f417fc89a9bb8196b9f24a1099aedc682e1238ac57d2823
GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407 HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:28 GMT
content-type: text/html
last-modified: Mon, 27 Nov 2023 08:11:03 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5PCKFXFLuB7JBWNcTWRBRf6nwC4EaSgnet1u0PILnZfwZtzZaJj1nq260jgLzKTnlSiwm8zORgYhoGEnNHXkL6t45tobjw1KqIzSSbSQs5yGTiIeaeaLxDEAAI7tnafWtWs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d6ace6356a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
a.veinmaster.top/favicon.ico
104.21.3.144 0 B URL a.veinmaster.top/favicon.ico
IP 104.21.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=b8aabh9ejgm8p1zd83&sub_id=16122660&nrid=6b85b7fc34cb47a8b839280e8e1fbc89&hash=X6F3xgL9aJMPpJm43dncBw&exp=1701316407
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 30 Nov 2023 03:48:28 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4794
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvJGDLVl49ibbdEGNkyeVGeqQqcesIBgGUSXhRJC7vO2yPMrLx%2BORxQLD85JCgPf3fKvJ4O3uqzS6cYfm2IwakfWQPvZt%2BrAnsK8zFiqqqo5iWJ6rkVc1J8g7Sj5U2gsjJbS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d6c0edd56a9-OSL
alt-svc: h3=":443"; ma=86400
www.google.com/recaptcha/api.js?hl=en_US&onload=agrLoad&render=explicit&ver=1.0.15
142.250.74.132 24 kB URL www.google.com/recaptcha/api.js?hl=en_US&onload=agrLoad&render=explicit&ver=1.0.15
IP 142.250.74.132:0
File type gzip compressed data\012- data
Hash 2e311c837ae9f5585049a7c48d4b3a0e
87e014ee2d9539edaee72e089a6b447a52c0224e
cb3d19897a72ade1aae874619abcf9374089483838b52b8a3233cabee8c38813
GET /recaptcha/api.js?hl=en_US&onload=agrLoad&render=explicit&ver=1.0.15 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://betterstudio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 30 Nov 2023 03:48:22 GMT
date: Thu, 30 Nov 2023 03:48:22 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 05:05:31 GMT
expires: Fri, 22 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 600177
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
173.233.137.36 1.3 kB URL www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (420)
Hash b6edfaa2a6b5ae866960d384b0ae4ea9
25e8a39bf10005468f066ef19a8c75ab2c1b227f
f9882954674d2487650d1bb1c4fd320b1f8f0ceb13b22b2fd552bb202dc3bf00
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Fri, 01 Dec 2023 03:48:28 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.s86lgFNLhwDkrFbU8GgXsC4yY5HExbPvZkUcXjcepMk; expires=Thu, 30 Nov 2023 03:49:28 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b620423181aa12bdbba626c09e45334
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxMzE2MTY4JnJtdGM9dCZzaHU9NmJmMjIxNTM4ZmE5MTU5NzEwNjFjOTdmZjhjZTE3MjgxZjI1ZjBlZmZhNmM1MjU1MWVjOGEzNDAxYTMwMzVmNzgyZjMzNzY2NTIxZDIxOGY1ZWY2MzZiODRlMjhhYjIxZTkxZjAwYTc0NWEyNTkyMWUwNGZkMGZhOWI0NTMyOWU3N2RkM2NkOTMwMjBiZmYwNDNkNzE0MDczNGYxZjgzYTI5ZTVkMzMxYWQ2MjNlYjE1N2IwMWM0M2Y2OGU0NTY4YmQxNGMy&uuid=&pii=&in=false
173.233.137.36 302 Found 0 B URL User Request GET HTTP/1.1 www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxMzE2MTY4JnJtdGM9dCZzaHU9NmJmMjIxNTM4ZmE5MTU5NzEwNjFjOTdmZjhjZTE3MjgxZjI1ZjBlZmZhNmM1MjU1MWVjOGEzNDAxYTMwMzVmNzgyZjMzNzY2NTIxZDIxOGY1ZWY2MzZiODRlMjhhYjIxZTkxZjAwYTc0NWEyNTkyMWUwNGZkMGZhOWI0NTMyOWU3N2RkM2NkOTMwMjBiZmYwNDNkNzE0MDczNGYxZjgzYTI5ZTVkMzMxYWQ2MjNlYjE1N2IwMWM0M2Y2OGU0NTY4YmQxNGMy&uuid=&pii=&in=false
IP 173.233.137.36:443
Certificate Issuer: Let's Encrypt
Subject: toprevenuegate.com
Fingerprint: 7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
Validity: Fri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT
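Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of empty input: the 302 response has a 0 B body, so the hashes identify no content and are not usable as indicators for this host.)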
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxMzE2MTY4JnJtdGM9dCZzaHU9NmJmMjIxNTM4ZmE5MTU5NzEwNjFjOTdmZjhjZTE3MjgxZjI1ZjBlZmZhNmM1MjU1MWVjOGEzNDAxYTMwMzVmNzgyZjMzNzY2NTIxZDIxOGY1ZWY2MzZiODRlMjhhYjIxZTkxZjAwYTc0NWEyNTkyMWUwNGZkMGZhOWI0NTMyOWU3N2RkM2NkOTMwMjBiZmYwNDNkNzE0MDczNGYxZjgzYTI5ZTVkMzMxYWQ2MjNlYjE1N2IwMWM0M2Y2OGU0NTY4YmQxNGMy&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIn19.s86lgFNLhwDkrFbU8GgXsC4yY5HExbPvZkUcXjcepMk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Thu, 30 Nov 2023 03:48:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Fri, 01 Dec 2023 03:48:29 GMT
uncs=1; expires=Fri, 01 Dec 2023 03:48:29 GMT
pdhtkv28=true; expires=Fri, 01 Dec 2023 03:48:29 GMT
uncs28=1; expires=Fri, 01 Dec 2023 03:48:29 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe88eccc13e1bd498a3f0c66efff5065
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
13.107.246.53 307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer: Trustwave Holdings, Inc.
Subject: affiliates.kindredplc.com
Fingerprint: 9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
Validity: Thu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; domain=.unibet.com; expires=Sat, 30-Nov-3022 03:48:30 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0DgZoZQAAAAB+l12+8lf9T4X3L4/tYL/FU1ZHMjBFREdFMDUwNwAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Thu, 30 Nov 2023 03:48:29 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer: Let's Encrypt
Subject: unibet.com
Fingerprint: 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity: Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 30 Nov 2023 03:48:30 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node01nf0a2nidou0s1pbbhwlodwcgy3817340.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01nf0a2nidou0s1pbbhwlodwcg; Path=/; Domain=.unibet.com; Expires=Sat, 29-Nov-2025 03:48:30 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Sat, 29-Nov-2025 03:48:30 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Sat, 29-Nov-2025 03:48:30 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 30 Nov 2023 03:48:30 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer: Let's Encrypt
Subject: unibet.com
Fingerprint: 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity: Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_5CFDD6EC9F794A99877E435518B82137&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 30 Nov 2023 03:48:30 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 30 Nov 2023 03:48:30 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.43.104 302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Let's Encrypt
Subject: welcome.unibet.com
Fingerprint: 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity: Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 30 Nov 2023 03:48:30 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d7d8fa156c1-OSL
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Let's Encrypt
Subject: unibet.com
Fingerprint: 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity: Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.43.104 200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Let's Encrypt
Subject: welcome.unibet.com
Fingerprint: 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity: Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: text/css; charset=utf-8
cf-ray: 82e01d7d5f8a56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 597632
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.43.104 200 OK 1.0 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Let's Encrypt
Subject: welcome.unibet.com
Fingerprint: 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity: Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type: SVG Scalable Vector Graphics image; HTML document text; HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 678df4d8ef9b4aa957e5433dd94fb7e4
fd8a4109a2f00c19679f25d18be017541ff6fea5
bdbca379909a5f57b65b90094901804655f8cd82c05312a754320b7ae30c5187
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d7f9b56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 7843
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:51:14 GMT
expires: Fri, 29 Nov 2024 02:51:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 3437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.43.104 200 OK 2.3 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer: Let's Encrypt
Subject: welcome.unibet.com
Fingerprint: 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity: Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash 7bf01e92dd55d5fa298f55fbcb9afd30
4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc
2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: application/javascript
cf-ray: 82e01d7d6f9256c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 5698
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.43.104 302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 30 Nov 2023 03:48:31 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d7f583656c1-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.43.104 200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 82e01d7f583a56c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 511760
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.141.13 200 OK 23 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 587779
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8jzXJKQtbIb9CZ4GMzz1FGedgvHC7b60HFqYJq2czHsaBXU1aBeuXPVjcMf2%2FdZq%2B05ypK%2FjvOa9NCH80zOidcGOg0CDgQDJUk4ONUJXtc5XszVyXXyiLBkAQmuEc1yvH%2Bbxu9Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d7e99ab48b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.43.104 200 OK 10 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d6f9556c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 516962
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.43.104 200 OK 4.9 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d7f9656c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 604787
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domainId=368058&region=default
104.21.28.48 75 kB URL the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domainId=368058&region=default
IP 104.21.28.48:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (20783)
Hash a4c8247d3a648389751918a3f2e74611
792ae0015c55a9b11cfd6497d82e465de572fba2
24e9a9a3b6ca7ea7dd61d81cac443955fa112ccc13aca4437d9186e3e4e31248
GET /cmp/v2/main_modal_firstpage?domainId=368058&region=default HTTP/1.1
Host: the.gatekeeperconsent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betterstudio.com/
Content-Type: application/json
Origin: https://betterstudio.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 03:48:24 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://betterstudio.com
access-control-max-age: 1728000
cache-control: public, max-age=2592000, no-store
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Wed, 29 Nov 2023 21:16:38 GMT
cf-cache-status: HIT
age: 20410
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pj5kUyhsk8PKuqGq5CbxLqNGsR8lt6RMQ0yAudFkPb7YSHUqVNFy51AMaWTmZd%2Bx5sQUwTMCquWYun7ZowVw7KV9HqgTKHz5E0U7SoKwga9%2F6IX8Lk%2B9J3boWLw5%2BUAf8fXi0wyTQ%2FKMLehT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d528a3bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.141.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 766897
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVeTJ3LMYgMsoaXElZXBEeZmjt8hghFlQ3yJAXKbIaXgOj9JnS%2FcCboRqPLlBfZt8RBSosgdedvEaRRYW5qI3QDtTnxJl7RJSXFWnKJ2%2FdIzNcXHvm17bV%2BqMJwfl4hgs%2B8MqFI3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e01d7faad648b1-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28 200 OK 28 kB IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type gzip compressed data\012- data
Hash a49acb06c71a640b973f2ae4aa8ba3e1
99a7fb07c930ec7f3c70d333efc9c37fb4ffe7cd
dcfbfa55e7243f6e6a4be300593974ad851582130567f6309632dd6ba5cf2640
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: text/html;charset=utf-8
x-request-id: f298c8d990a3a830cbf849526e27923a
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Thu, 30 Nov 2023 03:47:52 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 17:28:13 GMT
expires: Fri, 22 Nov 2024 17:28:13 GMT
cache-control: public, max-age=31536000
age: 555618
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 22298
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.43.104 200 OK 5.4 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text, with very long lines (5609), with no line terminators
Hash 41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82e01d7d5f8e56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 514300
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.43.104 200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d7f9856c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 4221
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168 200 OK 192 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Size 192 kB (191584 bytes)
Hash da55a2c24db2657af91033b4ba1dd90a
b49e210658150a8a5fd77d9a1b2f96fd8d218053
aef150b87853271797a7b8520d2e93a1aab38dac1ebe4a6696e924d4f56012cf
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 30 Nov 2023 03:48:31 GMT
expires: Thu, 30 Nov 2023 03:48:31 GMT
cache-control: private, max-age=900
last-modified: Thu, 30 Nov 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67046
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 1.8 kB URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (1881), with no line terminators
Hash 695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28 200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: application/javascript
last-modified: Wed, 29 Nov 2023 13:20:58 GMT
vary: Accept-Encoding
etag: W/"65673aba-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.43.104 200 OK 32 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d9fa656c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 77913
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.43.104 200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d6f9356c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 84262
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.43.104 200 OK 807 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Hash f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d6f9456c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 77837
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
104.18.43.104 200 OK 17 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
IP 104.18.43.104:443
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
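Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so no body was hashed for this 17 kB response; they do not identify the page content and should not be used as indicators for it.)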
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: text/html; charset=utf-8
cf-ray: 82e01d7b4f0756c1-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 19f348d6-b01e-003b-0240-2357a6000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_5CFDD6EC9F794A99877E435518B82137;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.43.104 200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137; _sp_ses.ab54=*; _sp_id.ab54=d57ebd45-387a-427b-990a-69311893bdda.1701316116.1.1701316116..198f2194-6a69-4e14-90dd-dc56afea56c4....0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: image/x-icon
cf-ray: 82e01d81b92b56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 77767
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.48.126 200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:32 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 310
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d841ff256bd-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.43.104 200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Hash e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d7f9756c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 600483
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
104.18.43.104 200 OK 15 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82e01d7f080956c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 503092
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
Validity Tue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Hash 631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Thu, 30 Nov 2023 03:48:31 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:57:34 GMT
expires: Fri, 22 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 600657
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.43.104 200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: image/svg+xml
cf-ray: 82e01d7d8f9f56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 504010
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.43.104 200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:31 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82e01d7f885056c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 5604
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.43.104 200 OK 4.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Hash cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701316110303)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231130348%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210640223148%7c1%22%7d%5d; __ucbt=node01nf0a2nidou0s1pbbhwlodwcg; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_5CFDD6EC9F794A99877E435518B82137; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_5CFDD6EC9F794A99877E435518B82137%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_5CFDD6EC9F794A99877E435518B82137
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:30 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82e01d7d5f8c56c1-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 419754
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.138 200 OK 6.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.138:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (6530), with no line terminators
Hash feddc562097e437af08febef83792dbe
4d1d430f50e555657f1a135bcf655877597b38ca
284e88ea80c2a259fedfeb2cd060bd55616e22a73693c779061741385239c46b
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 30 Nov 2023 03:48:31 GMT
date: Thu, 30 Nov 2023 03:48:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.48.126 200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:32 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 489
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d842ff656bd-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.48.126 200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.48.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_5CFDD6EC9F794A99877E435518B82137&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 03:48:32 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 489
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e01d842ff456bd-OSL
content-encoding: br
X-Firefox-Spdy: h2