Report - haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=[sohreyan,da,pind,aa,gaya,watch,hd,mp4,videos,download,free]&refer=mxtubes.live/sohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1

Report Overview

URL

haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=[sohreyan,da,pind,aa,gaya,watch,hd,mp4,videos,download,free]&refer=mxtubes.live/sohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1
IP

192.243.61.227

ASN

#39572 DataWeb Global Group B.V.
Submitted

2022-11-21T04:34:51Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

6

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
unibet.demdex.net (1)	338024	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	487	3454	54.194.72.129
use.fontawesome.com (1)	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430	1026	172.64.133.15
eu.can-get-so.me (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	539	544	157.90.33.78
35.227.234.222 (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	403	225	35.227.234.222
a1s.unibet.com (1)	297625	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383	1999	85.184.96.5
fonts.gstatic.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485	16689	216.58.207.195
secure.adnxs.com (2)	396	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	794	1760	185.89.210.20
cm.everesttech.net (1)	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	428	475	99.80.65.0
ocsp.digicert.com (10)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3410	6757	93.184.220.29
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	229	34.117.237.239
ak.hetapus.com (3)	237658	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1773	5483	23.36.77.10
a1s-cdn.unibet.com (1)	283505	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395	1667	85.184.96.5
welcome.unibet.nu (20)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	24018	400149	104.18.24.188
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5856	34.160.144.191
binomnet.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	731	482	162.19.86.114
haglance.com (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2219	4885	192.243.59.13
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401	746	142.250.74.10
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	44.238.3.246
ocsp.sectigo.com (1)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340	963	172.64.155.188
my.rtmark.net (1)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	424	678	139.45.195.8
adserving.unibet.com (1)	98000	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	496	1330	23.36.79.43
c.bannerflow.net (1)	10957	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	463	470	104.16.12.64
cdn.bannerflow.com (3)	23819	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1310	1734	104.16.172.188
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	34.102.187.140
www.spikereekvelocity.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2259	4199	192.243.61.225
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	49454	34.120.237.76
ocsp.pki.goog (5)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1715	3500	142.250.74.35
unibetlondonltd.d3.sc.omtrdc.net (2)	444877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2425	991	15.188.95.229
r3.o.lencr.org (9)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3042	7983	23.36.77.32
www.unibet.nu (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2155	6012	85.184.96.0
ajax.googleapis.com (1)	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393	31499	142.250.74.106
dpm.demdex.net (3)	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1398	2642	34.251.0.198
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1004	143.204.42.88

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-21	medium	haglance.com	Sinkholed
2022-11-21	medium	haglance.com	Sinkholed
2022-11-21	medium	haglance.com	Sinkholed
2022-11-20	medium	spikereekvelocity.com	Sinkholed
2022-11-20	medium	spikereekvelocity.com	Sinkholed
2022-11-21	medium	35.227.234.222	Sinkholed

HTTP Transactions (91)

URL IP Response Size

haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=[sohreyan,da,pind,aa,gaya,watch,hd,mp4,videos,download,free]&refer=https://mxtubes.live/sohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1

192.243.59.13

307 Temporary Redirect

URL HTTP/1.1

haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=[sohreyan,da,pind,aa,gaya,watch,hd,mp4,videos,download,free]&refer=https://mxtubes.live/sohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1
IP

192.243.59.13:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=[sohreyan,da,pind,aa,gaya,watch,hd,mp4,videos,download,free]&refer=https://mxtubes.live/sohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1 HTTP/1.1
Host: haglance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Mon, 21 Nov 2022 04:34:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mxtubes.live/sohreyan-da-pind-aa-gaya
Access-Control-Allow-Origin: https://mxtubes.live/sohreyan-da-pind-aa-gaya
Access-Control-Allow-Credentials: true
Location: http://haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=%5Bsohreyan%2Cda%2Cpind%2Caa%2Cgaya%2Cwatch%2Chd%2Cmp4%2Cvideos%2Cdownload%2Cfree%5D&refer=https%3A%2F%2Fmxtubes.live%2Fsohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42%3A1%3A1&shu=9809ac4db33401bd0da5e9bea95c240a8046c1336e62e67b038fc89e27fa310582f310c261bbc1a3ded896e783d5d6527c8ce9e2be4cc45cdcb42cc8eb9e65c6c747d1a0078e6f4c7069effb51d32726aef230dbff6868c7fd690c8adc5e80&pst=1669005340&rmtc=t
Set-Cookie: u_pl=17347003; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM0NzAwMywiayI6ImQzMzY5ZDRkMjJlMjgyNTdlNzIwYzg5NmQxMWFmZDhmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTg5MzQ4LCJwaWQiOjYxNTA2LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjEsImFpZCI6NSwicHQiOjQsInBrIjoidHNxejJlOHMwIiwiY3BrcyI6eyAiMjgiOiJkZTA0M2RiMWI5MmFlN2VlNjI0YmMzNTkxNTE0OTIzNiIsIjI5IjoiMjk2MDVmZjc2NmI5YzM5OGVlMDY0ZDAxMWE1ZTIxMGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL214dHViZXMubGl2ZS9zb2hyZXlhbi1kYS1waW5kLWFhLWdheWEifX0.2cKoID8IjoDCE5kF1kCu9IzcsX4kQSKG_0tpNBZmeNs; expires=Mon, 21 Nov 2022 04:35:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18455b6d354f39854a6d9099445ad2c4
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6ed951622549ed76959631f8a1bf497b

682b2dd2a72190510e3fa7bdb0c0c6f25a322dfb

86f5e5ae2da408a899d16c83b7ca441033ac0c30062cd29f2db1b1b5be666746

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86F5E5AE2DA408A899D16C83B7CA441033AC0C30062CD29F2DB1B1B5BE666746"
Last-Modified: Sat, 19 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10459
Expires: Mon, 21 Nov 2022 07:28:59 GMT
Date: Mon, 21 Nov 2022 04:34:40 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

2061bb5a62c7dbe5a39e49a98bf7d214

812ff4923fc0fa69fa7db7c362d5af728e297099

6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2388
Cache-Control: max-age=110192
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:34:40 GMT
Etag: "637a01fc-1d7"
Expires: Tue, 22 Nov 2022 11:11:12 GMT
Last-Modified: Sun, 20 Nov 2022 10:31:24 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1cee7787feebac18f9eca273e56e3741

3a7dac544172921e24c2a1701beef5079b21d01b

79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10947
Expires: Mon, 21 Nov 2022 07:37:07 GMT
Date: Mon, 21 Nov 2022 04:34:40 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

d130218d0e2841f39c99610fe1a2ab90

29fbe1e177ee55c7a61ae0a206afff271cf5f945

6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 21 Nov 2022 03:45:06 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2974
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

9ebddc2b260d081ebbefee47c037cb28

492bad62a7ca6a74738921ef5ae6f0be5edebf39

74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: DzM+9eO5ygWOdQLMUyjyNXtBx8WLOMFpL/yO1cwfy2vx/LU224oTB2+x4D1EOF+LRpiDn1Tp9tdn8Jdy10t09Q==
x-amz-request-id: P69MM3EZ5BW6NVF7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 03:41:58 GMT
age: 3162
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 21 Nov 2022 04:34:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=%5Bsohreyan%2Cda%2Cpind%2Caa%2Cgaya%2Cwatch%2Chd%2Cmp4%2Cvideos%2Cdownload%2Cfree%5D&refer=https%3A%2F%2Fmxtubes.live%2Fsohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42%3A1%3A1&shu=9809ac4db33401bd0da5e9bea95c240a8046c1336e62e67b038fc89e27fa310582f310c261bbc1a3ded896e783d5d6527c8ce9e2be4cc45cdcb42cc8eb9e65c6c747d1a0078e6f4c7069effb51d32726aef230dbff6868c7fd690c8adc5e80&pst=1669005340&rmtc=t

192.243.59.13

200 OK

642

URL HTTP/1.1

haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=%5Bsohreyan%2Cda%2Cpind%2Caa%2Cgaya%2Cwatch%2Chd%2Cmp4%2Cvideos%2Cdownload%2Cfree%5D&refer=https%3A%2F%2Fmxtubes.live%2Fsohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42%3A1%3A1&shu=9809ac4db33401bd0da5e9bea95c240a8046c1336e62e67b038fc89e27fa310582f310c261bbc1a3ded896e783d5d6527c8ce9e2be4cc45cdcb42cc8eb9e65c6c747d1a0078e6f4c7069effb51d32726aef230dbff6868c7fd690c8adc5e80&pst=1669005340&rmtc=t
IP

192.243.59.13:0
ASN

#39572 DataWeb Global Group B.V.

Magic

HTML document text\012- HTML document, ASCII text, with very long lines (602)

Size

642
Hash

c5527d5ac7f38ea1a9908180629eeaf8

1bc63fcad9dd1f1a4ae7978143cb702c8603fe04

758f94434e11d09e1f50a119dc4cdad64754e82712b35a8b8adaeaf357e83945

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=%5Bsohreyan%2Cda%2Cpind%2Caa%2Cgaya%2Cwatch%2Chd%2Cmp4%2Cvideos%2Cdownload%2Cfree%5D&refer=https%3A%2F%2Fmxtubes.live%2Fsohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42%3A1%3A1&shu=9809ac4db33401bd0da5e9bea95c240a8046c1336e62e67b038fc89e27fa310582f310c261bbc1a3ded896e783d5d6527c8ce9e2be4cc45cdcb42cc8eb9e65c6c747d1a0078e6f4c7069effb51d32726aef230dbff6868c7fd690c8adc5e80&pst=1669005340&rmtc=t HTTP/1.1
Host: haglance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 21 Nov 2022 04:34:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mxtubes.live/sohreyan-da-pind-aa-gaya
Access-Control-Allow-Origin: https://mxtubes.live/sohreyan-da-pind-aa-gaya
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17347003; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
uid_id2=ed16860a-8980-4ff3-be29-ebcf0c0e2d42:1:1; expires=Mon, 28 Nov 2022 04:34:40 GMT; secure; SameSite=None
iprcd0cbd14e6c3e51712cab65d5a64c7fa0=2717340; expires=Tue, 22 Nov 2022 06:34:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
uncs=1; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 22 Nov 2022 04:34:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4c68b072f4e6d0efbb87ba20cd6f699b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

haglance.com/favicon.ico

192.243.59.13

200 OK

URL HTTP/1.1

haglance.com/favicon.ico
IP

192.243.59.13:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: haglance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://haglance.com/watch.201383971924.js?key=d3369d4d22e28257e720c896d11afd8f&kw=%5Bsohreyan%2Cda%2Cpind%2Caa%2Cgaya%2Cwatch%2Chd%2Cmp4%2Cvideos%2Cdownload%2Cfree%5D&refer=https%3A%2F%2Fmxtubes.live%2Fsohreyan-da-pind-aa-gaya&tz=5.5&dev=r&res=12.31&uuid=ed16860a-8980-4ff3-be29-ebcf0c0e2d42%3A1%3A1&shu=9809ac4db33401bd0da5e9bea95c240a8046c1336e62e67b038fc89e27fa310582f310c261bbc1a3ded896e783d5d6527c8ce9e2be4cc45cdcb42cc8eb9e65c6c747d1a0078e6f4c7069effb51d32726aef230dbff6868c7fd690c8adc5e80&pst=1669005340&rmtc=t

                                        HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 21 Nov 2022 04:34:41 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4fb73f8f8675568a6f8e474398fb2eaa
Strict-Transport-Security: max-age=0; includeSubdomains

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

34.102.187.140:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 21 Nov 2022 04:25:04 GMT
cache-control: public,max-age=3600
age: 577
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

27138f8625c320bd1434ccd92263b641

6a8f18728c9f324c1c631ffc85901d84ec4d0e0c

02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4325
Cache-Control: max-age=107057
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 04:34:41 GMT
Etag: "6379ee2d-1d7"
Expires: Tue, 22 Nov 2022 10:18:58 GMT
Last-Modified: Sun, 20 Nov 2022 09:06:53 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c99561b2d73f208fb14b804992f0d312

d95f8d3e6e3f61d46181452d4c08006eee5369b5

dc793baae4f7896ac0c9c46caff3b49a015ab1712c7fc21f8650c42314f55518

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC793BAAE4F7896AC0C9C46CAFF3B49A015AB1712C7FC21F8650C42314F55518"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11541
Expires: Mon, 21 Nov 2022 07:47:02 GMT
Date: Mon, 21 Nov 2022 04:34:41 GMT
Connection: keep-alive

www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17347003

192.243.61.225

200 OK

1243

URL HTTP/1.1

www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17347003
IP

192.243.61.225:0
ASN

#39572 DataWeb Global Group B.V.

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text

Size

1243
Hash

ce853adf5cc5f60fec5d30953b33c2b2

733a808d185dbb88e5c8634e2c8ae598b9accfb4

47d1ce81daf5a220c8324b8aaba47d394e2f2e4a3669f3d7a918c5431334c932

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17347003 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://haglance.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 21 Nov 2022 04:34:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Tue, 22 Nov 2022 04:34:41 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTczNDcwMDMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2hhZ2xhbmNlLmNvbS8ifX0.BX02eLXLodF0elrrP09KOpdy_owu1JkiXgliDJMrLuY; expires=Mon, 21 Nov 2022 04:35:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d77f4d6e74b451cb10db7b5091ef53b6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

push.services.mozilla.com/

44.238.3.246

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

44.238.3.246:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8yvtTzjBBr3YmqqdVJ423w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UEsvEAf+aRgQz6d10Iniu4hkGr4=

www.spikereekvelocity.com/dyfc1k09?shu=c868437f3bc9c0f32042eb9cffe8f05c70d7589a34aad942f4484849057abf1b69a7dde6acae8af8f5f8aed98f421181475c857ef8de72d16151e830c29a8f2aae0ee9f4eb82dae96ade7858bc4602babef83a7e&pst=1669005341&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fhaglance.com%2F&psid=17347003

192.243.61.225

302 Found

URL HTTP/1.1

www.spikereekvelocity.com/dyfc1k09?shu=c868437f3bc9c0f32042eb9cffe8f05c70d7589a34aad942f4484849057abf1b69a7dde6acae8af8f5f8aed98f421181475c857ef8de72d16151e830c29a8f2aae0ee9f4eb82dae96ade7858bc4602babef83a7e&pst=1669005341&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fhaglance.com%2F&psid=17347003
IP

192.243.61.225:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /dyfc1k09?shu=c868437f3bc9c0f32042eb9cffe8f05c70d7589a34aad942f4484849057abf1b69a7dde6acae8af8f5f8aed98f421181475c857ef8de72d16151e830c29a8f2aae0ee9f4eb82dae96ade7858bc4602babef83a7e&pst=1669005341&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fhaglance.com%2F&psid=17347003 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTczNDcwMDMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2hhZ2xhbmNlLmNvbS8ifX0.BX02eLXLodF0elrrP09KOpdy_owu1JkiXgliDJMrLuY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Mon, 21 Nov 2022 04:34:42 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://binomnet.com/c3t2l4k.php?key=2aj5jocgowtxyohmxrfg&SUB_ID_SHORT=18751caa2982c03015781348f231f033&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=686695&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2030552
Set-Cookie: iprc44c917a9e5058926a2dbc95382778550=3802249; expires=Tue, 22 Nov 2022 04:34:42 GMT
pdhtkv=true; expires=Tue, 22 Nov 2022 04:34:42 GMT
uncs=1; expires=Tue, 22 Nov 2022 04:34:42 GMT
pdhtkv28=true; expires=Tue, 22 Nov 2022 04:34:42 GMT
uncs28=1; expires=Tue, 22 Nov 2022 04:34:42 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed13f5ad181d23b32cca64740efd3f1a
Strict-Transport-Security: max-age=0; includeSubdomains

binomnet.com/c3t2l4k.php?key=2aj5jocgowtxyohmxrfg&SUB_ID_SHORT=18751caa2982c03015781348f231f033&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=686695&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2030552

162.19.86.114

302 Found

URL HTTP/1.1

binomnet.com/c3t2l4k.php?key=2aj5jocgowtxyohmxrfg&SUB_ID_SHORT=18751caa2982c03015781348f231f033&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=686695&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2030552
IP

162.19.86.114:0
ASN

#16276 OVH SAS

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /c3t2l4k.php?key=2aj5jocgowtxyohmxrfg&SUB_ID_SHORT=18751caa2982c03015781348f231f033&Cost=0.900000&PLACEMENT_ID=16122660&CAMPAIGN_ID=686695&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2030552 HTTP/1.1
Host: binomnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Mon, 21 Nov 2022 04:34:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=xoj6a19l6o; expires=Tue, 22-Nov-2022 04:34:42 GMT; Max-Age=86400; path=/
uclickhash=xoj6a19l6o-xoj6a19l6o-h93y-0-h93y-y96o-y9dz-33e09c; expires=Tue, 22-Nov-2022 04:34:42 GMT; Max-Age=86400; path=/
Location: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=15cc5xoj6a19l6o11b&var=16122660

ak.hetapus.com/afu.php?zoneid=5460778&ymid=15cc5xoj6a19l6o11b&var=16122660

23.36.77.10

200 OK

2989

URL HTTP/2

ak.hetapus.com/afu.php?zoneid=5460778&ymid=15cc5xoj6a19l6o11b&var=16122660
IP

23.36.77.10:0
ASN

#20940 Akamai International B.V.

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)

Size

2989
Hash

f44ae251614dc87e678e7e04913cc65e

2f564d7e66899420125edfe969cfc1d40d9038ca

f75f137793d0080e71c13f0910b63e29940ea4009eb4e4a4192dddb4465398cb

HTTP Headers

                                        GET /afu.php?zoneid=5460778&ymid=15cc5xoj6a19l6o11b&var=16122660 HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: a1aed1e40b16d248b94b94a8f4a3f220
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
expires: Mon, 21 Nov 2022 04:34:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 21 Nov 2022 04:34:42 GMT
content-length: 2989
vary: Accept-Encoding
set-cookie: OAID=9957c5c342834ba3aa204f4549e06d90; expires=Tue, 21 Nov 2023 04:34:42 GMT; path=/; secure; SameSite=None
oaidts=1669005282; expires=Tue, 21 Nov 2023 04:34:42 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

172.64.155.188:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

419e11329b40f6d11706372a1618331f

f6846a20afbbe22c8ad5be20cc711014bc314a27

91f7516f31fec4ded19345ceda5e923324666f5d20c75c47bc36d95a31c43cf3

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 21 Nov 2022 04:34:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 18:25:19 GMT
Expires: Thu, 24 Nov 2022 18:25:18 GMT
Etag: "f6846a20afbbe22c8ad5be20cc711014bc314a27"
Cache-Control: max-age=308435,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76d6b6e99c94b51b-OSL

ak.hetapus.com/favicon.ico

23.36.77.10

204 No Content

URL HTTP/2

ak.hetapus.com/favicon.ico
IP

23.36.77.10:0
ASN

#20940 Akamai International B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=15cc5xoj6a19l6o11b&var=16122660
Cookie: OAID=9957c5c342834ba3aa204f4549e06d90; oaidts=1669005282
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 204 No Content
expires: Mon, 21 Nov 2022 04:34:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 21 Nov 2022 04:34:42 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12886
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:34:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12886
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:34:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12886
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:34:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12886
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:34:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

798ef0955be535268547903e74dacfcd

782823486f9ded693609cade264d1950e816f7d0

75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12886
Expires: Mon, 21 Nov 2022 08:09:28 GMT
Date: Mon, 21 Nov 2022 04:34:42 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb9f9461-c4fb-4fba-a0ad-0a419f96237c.jpeg

34.120.237.76

200 OK

9644

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb9f9461-c4fb-4fba-a0ad-0a419f96237c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9644
Hash

751cad08f062dbcb559f738326b93315

3f0f79d704bc79b295dc800853e92cc16ecbc946

c74d301427cf7e6e37871b43220147ef97481a23c376d4df80a6ae74bc828fb4

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb9f9461-c4fb-4fba-a0ad-0a419f96237c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9644
x-amzn-requestid: b25e6d05-55f2-4ba4-88f6-479ba4253c65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1OUFE26oAMFrXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63785db3-724d084e6bd9595a3138723e;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 04:38:11 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: tiN7cNeX-O9iaxmbrj2Dyp5lXGAffiVkpR7NYye59AkgKUGbKPLg3g==
via: 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 09:24:23 GMT
age: 69019
etag: "3f0f79d704bc79b295dc800853e92cc16ecbc946"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=9957c5c342834ba3aa204f4549e06d90

139.45.195.8

200 OK

URL HTTP/2

my.rtmark.net/img.gif?f=merge&userId=9957c5c342834ba3aa204f4549e06d90
IP

139.45.195.8:0
ASN

#9002 RETN Limited

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

43
Hash

b4491705564909da7f9eaf749dbbfbb1

279315d507855c6a4351e1e2c2f39dd9cd2fccd8

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

                                        GET /img.gif?f=merge&userId=9957c5c342834ba3aa204f4549e06d90 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 21 Nov 2022 04:34:42 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9957c5c342834ba3aa204f4549e06d90; expires=Tue, 21 Nov 2023 04:34:42 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9042

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9042
Hash

4a8070a1aa0d48b75c639fa24eec3d96

14a81b4e2bdcdcdd951aa6660dc640c0292a2109

70b29ce3872a0c46d8d0e61f2801df1a98c8ea6e516adb1c2fe1bdad35f654f6

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9042
x-amzn-requestid: 02203d7e-e15a-40d8-a09e-c40299c6f332
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bu2bSH6xoAMF1FA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375d114-79f15fbc1c64941e54c6d5e3;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 06:13:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YHoIX9fgjqNaOq_84IdURDMNigg62C8616_qky56Xx7ok4LJvvqEfw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 13:29:49 GMT
age: 54293
etag: "14a81b4e2bdcdcdd951aa6660dc640c0292a2109"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7013

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc808a76a-e93b-4c6e-9163-b69ab5e7076e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7013
Hash

994eefbfbd0e842814d889c8d279d375

34bc1857b5e78b3a059f9a1b3eed33bd8d3fe920

c5c510dcf074dbb2d180f3d3e5013aef84016a095c154ee091b88d68cf528e42

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc808a76a-e93b-4c6e-9163-b69ab5e7076e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7013
x-amzn-requestid: 2ca74e56-be57-4f3d-85d0-f937bc3ace9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: buJZcHKnIAMF6Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63758909-6d753cac1d6d55255aecb08a;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 01:06:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: u6cuVA2ZBv1RuSv2A2x5jM9mrsKoJ9o4M8tCuhi_yp4rR09AAV0jsA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 22:17:25 GMT
age: 22637
etag: "34bc1857b5e78b3a059f9a1b3eed33bd8d3fe920"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4309

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4309
Hash

841a4b110022a99ddea6f7bf66df0fa1

126771b86638108050cf57c0d12faa27f80f0edb

240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 07:27:17 GMT
age: 76045
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5342

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5342
Hash

a9e0f5c07511d0f6ad0f2441db92797d

2dcc6187d7173ce741975ad4ec24435c9dcb0880

3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: PkFAourr7ixQ5NYcdMugerMxFTdCLgIAaBz6erANuppgzE2Tm4yVpA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 22:34:27 GMT
age: 21615
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7776

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d0200f7-6c58-4279-9894-e77af33a20b9.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7776
Hash

90c4a11a433a7e6f63d5a7e4a002670c

3dd59232288f753e2497e7a4aa941170bf749c19

fd8269b78bdcdf90605b584ee03e16b0fbd9c63671e0bc114e231f6aaa50f5b9

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d0200f7-6c58-4279-9894-e77af33a20b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7776
x-amzn-requestid: bb008677-aa5c-4097-8c01-fe1ee60f8e55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bXWfeE9LoAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c6ac9-3ecac1081f7f8b2c54bb3d76;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 03:06:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AClt1dfxNEnWC_rf8wD5FRFperdQApthZGSC-NUQejIYtEKwwE3S7A==
via: 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 22:01:07 GMT
age: 23615
etag: "3dd59232288f753e2497e7a4aa941170bf749c19"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false

23.36.77.10

302 Found

URL HTTP/2

ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false
IP

23.36.77.10:0
ASN

#20940 Akamai International B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /?z=5460778&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 548
Origin: https://ak.hetapus.com
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&var=5460778&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=9957c5c342834ba3aa204f4549e06d90; oaidts=1669005282
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 302 Found
content-length: 0
x-trace-id: 6ba09b57ad5b0e6cde62bc36d52a568c
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=618415576091730868&subid1=5460778&cost=0.001400&rdk=rk3
access-control-allow-origin: https://ak.hetapus.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Mon, 21 Nov 2022 04:34:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 21 Nov 2022 04:34:43 GMT
set-cookie: OAID=9957c5c342834ba3aa204f4549e06d90; expires=Tue, 21 Nov 2023 04:34:43 GMT; path=/; secure; SameSite=None
oaidts=1669005282; expires=Tue, 21 Nov 2023 04:34:43 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 28 Nov 2022 04:34:43 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

422cb3153491ffccb4dafbbb9b8b1765

35f5680c972c7af96164abc6ac20692cb05a3e0e

ac60419631867ecd984b106e0b99e95fce040470a4c881d63058290f8e2f76ea

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC60419631867ECD984B106E0B99E95FCE040470A4C881D63058290F8E2F76EA"
Last-Modified: Sat, 19 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15153
Expires: Mon, 21 Nov 2022 08:47:16 GMT
Date: Mon, 21 Nov 2022 04:34:43 GMT
Connection: keep-alive

eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=618415576091730868&subid1=5460778&cost=0.001400&rdk=rk3

157.90.33.78

302 Found

URL HTTP/2

eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=618415576091730868&subid1=5460778&cost=0.001400&rdk=rk3
IP

157.90.33.78:0
ASN

#24940 Hetzner Online GmbH

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=618415576091730868&subid1=5460778&cost=0.001400&rdk=rk3 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 302 Found
server: nginx
date: Mon, 21 Nov 2022 04:34:43 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
set-cookie: rauid=UOLjzS-qSjef8XVqeT_EMw; expires=Tue, 21 Nov 2023 04:34:43 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop

35.227.234.222

302 Found

URL HTTP/1.1

35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
IP

35.227.234.222:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop HTTP/1.1
Host: 35.227.234.222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 21 Nov 2022 04:34:43 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
Via: 1.1 google

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB

23.36.79.43

307 Temporary Redirect

URL HTTP/2

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
IP

23.36.79.43:0
ASN

#20940 Akamai International B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799380&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/index.html&targetDomain=https://welcome.unibet.nu&btag=320669908_B656D359DF024F49A9AF6E5E2DB5BB45&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 21 Nov 2022 04:34:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 21 Nov 2022 04:34:43 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669005283317)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221121434%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228436921553%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 21-Nov-3021 04:34:43 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=47
X-Firefox-Spdy: h2

www.unibet.nu/stan/campaign.do?cmpId=2799380&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/index.html&targetDomain=https://welcome.unibet.nu&btag=320669908_B656D359DF024F49A9AF6E5E2DB5BB45&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950

85.184.96.0

301 Moved Permanently

URL HTTP/2

www.unibet.nu/stan/campaign.do?cmpId=2799380&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/index.html&targetDomain=https://welcome.unibet.nu&btag=320669908_B656D359DF024F49A9AF6E5E2DB5BB45&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
IP

85.184.96.0:0
ASN

#47171 Unibet Services Limited

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /stan/campaign.do?cmpId=2799380&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/index.html&targetDomain=https://welcome.unibet.nu&btag=320669908_B656D359DF024F49A9AF6E5E2DB5BB45&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 301 Moved Permanently
date: Mon, 21 Nov 2022 04:34:43 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799380&affiliateId=1&unibetTarget=/nu/pop/sportsbook/football/wc/index.html&targetDomain=https://welcome.unibet.nu&btag=320669908_B656D359DF024F49A9AF6E5E2DB5BB45&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.nu%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
set-cookie: JSESSIONID=node01pvk6ceqzykno182uddon6hq2i3549272.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01pvk6ceqzykno182uddon6hq2; Path=/; Domain=.unibet.nu; Expires=Wed, 20-Nov-2024 04:34:43 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Wed, 20-Nov-2024 04:34:43 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Wed, 20-Nov-2024 04:34:43 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2799380; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 21-Nov-2022 04:34:58 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669908_B656D359DF024F49A9AF6E5E2DB5BB45; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=85891437; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799380%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Ffootball%2Fwc%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.nu%26btag%3D320669908_B656D359DF024F49A9AF6E5E2DB5BB45%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2799380; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 21-Nov-2022 04:34:58 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2799380; Path=/; Domain=.unibet.nu; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.nu; Expires=Mon, 21-Nov-2022 04:34:58 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 21 Nov 2022 04:34:43 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (38)

#1 JS:Script (size: 6684)

#2 JS:Script (size: 357)

#3 JS:Script (size: 6549)

#4 JS:Script (size: 891)

#5 JS:Script (size: 92)

#6 JS:Script (size: 235)

#7 JS:Script (size: 721)

#8 JS:Script (size: 2572)

#9 JS:Script (size: 6791)

#10 JS:Script (size: 5881)

#11 JS:Script (size: 4517)

#12 JS:Script (size: 59274)

#13 JS:Script (size: 147)

#14 JS:Script (size: 2159)

#15 JS:Script (size: 226)

#16 JS:Script (size: 2133)

#17 JS:Script (size: 86927)

#18 JS:Script (size: 7478)

#19 JS:Script (size: 469)

#20 JS:Script (size: 5408)

#21 JS:Script (size: 956)

#22 JS:Script (size: 37113)

#23 JS:Script (size: 5372)

#24 JS:Script (size: 29)

#25 JS:Script (size: 1797)

#26 JS:Script (size: 238620)

#27 JS:Script (size: 667)

#28 JS:Script (size: 277)

#29 JS:Script (size: 2700)

#1 JS:Eval (size: 132)

#2 JS:Eval (size: 71)

#3 JS:Eval (size: 60)

#4 JS:Eval (size: 62)

#5 JS:Eval (size: 61)

#6 JS:Eval (size: 88)

#7 JS:Eval (size: 55)

#8 JS:Eval (size: 135)

#9 JS:Eval (size: 54)

HTTP Transactions (91)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN