www.ihaan.org/404error.php
188.114.97.1 3.8 kB URL www.ihaan.org/404error.php
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1102), with CRLF, LF line terminators
Hash 8dbc50fae2992d62c36731490bb452ef
2561e9574ee3a72eac7ff26bf080dd31026a000d
b20f60da38e2efccdb5a4b954e13599adc90297e71330bb9cb96f1e4257ac24e
GET /404error.php HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/5.6.40
set-cookie: PHPSESSID=pb6qpehrejv5vsj6g1oclhqqh0; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLYCgFI%2BYGqVfaOSQE4kyvl2Yqql1Zh6Ai3ne1gfCjpwIDx8jmA%2Bb2ivaC5LdHOBLrSbOJAh7%2BsTtE6ylogIPK4TfNLr%2Fvx8iAlb%2FDkI%2Bz7Dye8zh0cUkvMwb6lY3%2FcA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723bcba17130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.ihaan.org/templates/wistie/css/dropdown.css
188.114.96.1 360 B URL www.ihaan.org/templates/wistie/css/dropdown.css
IP 188.114.96.1:0
File type ASCII text, with CRLF line terminators
Hash 58b795f6cefaf2378a12d2d3121babb0
95f40c5cfb90f31f30235fab9765e0bd40a5f732
48cfa97ef881038ce79ed881bbc0ff875ef0a2d38bed5c39fa76962f87a66fe6
GET /templates/wistie/css/dropdown.css HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 360
Connection: keep-alive
cache-control: public, max-age=604800
expires: Mon, 11 Dec 2023 19:26:57 GMT
content-encoding: gzip
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 23
Last-Modified: Mon, 04 Dec 2023 19:26:58 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ymTmuBl4Tj5xamNI3%2BQAl9jeoMBT1WOE2YPUEDA0SklJbM8f0oxWplLeK7sK2jlEEeKdm%2B26a35%2Bs1Wp3xVRSoUPDgq5XD6Lx5v1dkyS7ONXcP%2BWVzjC2c65PGreuPc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723e7b46b50b-OSL
alt-svc: h2=":443"; ma=60
www.ihaan.org/templates/wistie/css/style.css
188.114.97.1 3.5 kB URL www.ihaan.org/templates/wistie/css/style.css
IP 188.114.97.1:0
Hash 57f485cfa7dce780bca79ad689fd3e83
7133ec5b53926b7483c69960c9eb31a14c82602e
55ba2eaa401280cbc43dfc132e42d6a8eec051d01f04533b43d02978f1d0a18a
GET /templates/wistie/css/style.css HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 3535
Connection: keep-alive
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 01:59:34 GMT
content-encoding: gzip
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 322067
Last-Modified: Fri, 01 Dec 2023 01:59:34 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgF27yoPvWm5wX82kE6thb74sTHQ4UfopF9SZtT6SmYL6C2juGGshcBIwFfHWlVfJH%2FGfbjrj0pIdncaUktisGJqLFOixqnxMtcCjGua4FmA1aiWwLnYM23Ugs%2Fgp6i%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723e7f537130-OSL
alt-svc: h2=":443"; ma=60
www.ihaan.org/3rdparty/speller/spellChecker.js
188.114.96.1 3.3 kB URL www.ihaan.org/3rdparty/speller/spellChecker.js
IP 188.114.96.1:0
File type ASCII text, with CRLF, LF line terminators
Hash a391da265b9d26567b40c18bd6b31a47
425d74d85ea80b87107bf5ee7a2ed1b9276028e2
4e9884754fee7fa9f8ca0b41ab0b375d671e05172e8a57ca2ba531678c43d34a
GET /3rdparty/speller/spellChecker.js HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 3318
Connection: keep-alive
cache-control: public, max-age=216000
expires: Thu, 07 Dec 2023 07:26:57 GMT
content-encoding: gzip
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 23
Last-Modified: Mon, 04 Dec 2023 19:26:58 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OBNy94qwKAHX3tk%2BRvymPLWaSDPSZiA5kl%2FNTaZuJo8jNHTIOvxHvbSu7SlSc65OWkwwFaK01uJxJ5xkcxFS4tSwUArr473qSoPYsf38yX%2BhRGYvtv4DZkPETOFRn9K"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723e8c54067b-OSL
alt-svc: h2=":443"; ma=60
www.ihaan.org/templates/wistie/css/dropdown-default.css
188.114.96.1 527 B URL www.ihaan.org/templates/wistie/css/dropdown-default.css
IP 188.114.96.1:0
File type ASCII text, with CRLF line terminators
Hash 14c4b399e4a59c1ef21c45815bcd43b7
225267909bacd0c71cf6eadd3ce8cd3c17b6b0c2
a8ac1b1d040f9dd09c5a28e84d27ac4dc26c6b39220a02a09484ba70d1019ddf
GET /templates/wistie/css/dropdown-default.css HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 527
Connection: keep-alive
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 01:59:34 GMT
content-encoding: gzip
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 322067
Last-Modified: Fri, 01 Dec 2023 01:59:34 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=INAqcnFy0Ag7auqnkwUIzJsse6vtiALWrkuzGE9M%2BLn8xMN5g3oOzsvbR%2Fh5QFR3wtrb%2FRROLXq9jU24GmkGIDqf7DklN0BZ2B40nllclg5XyI%2Bf0gD9JrPAUis0cvXO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723e7ba60b3d-OSL
alt-svc: h2=":443"; ma=60
ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js
142.250.74.74 52 kB URL ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32768)
Hash 02e1058fd3cb0799867ba932a4ad3b22
680f1bd5b4021dbac8b82d68a818d3a94f097ffd
e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984
GET /ajax/libs/jqueryui/1.8.18/jquery-ui.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 51847
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:59:52 GMT
expires: Fri, 29 Nov 2024 04:59:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 397649
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
142.250.74.74 34 kB URL ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 142.250.74.74:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash b8d64d0bc142b3f670cc0611b0aebcae
abcd2ba13348f178b17141b445bc99f1917d47af
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:23 GMT
expires: Fri, 29 Nov 2024 05:05:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 397318
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-980100140
142.250.74.168 74 kB URL www.googletagmanager.com/gtag/js?id=AW-980100140
IP 142.250.74.168:0
File type ASCII text, with very long lines (3026)
Hash 70a2f2a87b586d614e264f38e252a785
a6d37772e1055b4a210f468802a97b7e10706f4c
6b813af34c04d0a976a6a062861aac13bc6153ee1fa8070e5f30367573ca63f7
GET /gtag/js?id=AW-980100140 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 19:27:21 GMT
expires: Mon, 04 Dec 2023 19:27:21 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73991
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.ihaan.org/templates/xmlhttp.php
188.114.96.1 2.8 kB URL www.ihaan.org/templates/xmlhttp.php
IP 188.114.96.1:0
File type ASCII text, with CRLF, LF line terminators
Hash 36d76aaf64b3497ee74b8757bb5c420e
fbe9a961ada7e53f6fea46db87554ef7f3f1baa2
3b50ac6969133a1b5b20eb6e59d3253f00d15108b1397ae988ed03a19ea08db4
GET /templates/xmlhttp.php HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/x-javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/5.6.40
set-cookie: PHPSESSID=8d7piljhvaqfrchieq4mfom0p3; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16sn%2FkuJ1oqYkNe1nciANdlNEzN3iMCPperJGIwp%2FRLh2EtGpRvERqHBD1btRkKFhrXaYsTEnnO2ldGPXuvVlDOCRGGDzrewaGIRzAZzmJ2OQZG8%2FFOGFQri57V66yBQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8306723e9b72b50b-OSL
alt-svc: h2=":443"; ma=60
genuinesuperman.com/38/6a/41/386a413b62d1109ad974452b78d74f6c.js
173.233.137.44 16 kB URL genuinesuperman.com/38/6a/41/386a413b62d1109ad974452b78d74f6c.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (42851), with no line terminators
Hash d118086fce582f41186b797d3bb8b14e
5e504d7b63e0ac05c1a7dc9f17422988bc0678b6
3e6025589a8ac2576a12d5e304c5ccc4ffd518e0c6c78ee7057bbe7c3611b005
GET /38/6a/41/386a413b62d1109ad974452b78d74f6c.js HTTP/1.1
Host: genuinesuperman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f4dcfc958046d1a5bcf69fb01180f6de
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
genuinesuperman.com/52/dd/8a/52dd8a964b2d9351a132afe7126669b6.js
173.233.137.44 23 kB URL genuinesuperman.com/52/dd/8a/52dd8a964b2d9351a132afe7126669b6.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (59235)
Hash 116f43baf826ba19eff78154d36a4b03
afdb478709a5f1d1d0c5352b0ee77f1b187e55f3
96fdd3c22cb5f03bbd7eb51176b21257640e31f9f6c298c75ed818e723076c21
GET /52/dd/8a/52dd8a964b2d9351a132afe7126669b6.js HTTP/1.1
Host: genuinesuperman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_AN-1159_layer=0; expires=Fri, 08 Dec 2023 23:27:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 744314e5ef97a885a8cef0ef37a662d0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
genuinesuperman.com/83fd40fb88fa605df0a30978c6fd2e5f/invoke.js
173.233.137.44 11 kB URL genuinesuperman.com/83fd40fb88fa605df0a30978c6fd2e5f/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (29592), with no line terminators
Hash d26d038bcfceae38d095de45b3f1f5b7
0bfd66e749c3b6c8e6580bbfdb03518e3b9e4225
03e471b921ebff18425721fdf75cbd3e82a7e5d11d572bafa6d10be759f0d732
GET /83fd40fb88fa605df0a30978c6fd2e5f/invoke.js HTTP/1.1
Host: genuinesuperman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3014927b6309f191d08581799b887f19
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 0984c237e8b764a5d09060bf0bb95cc1
582a5d3f002f3c8a61dfa508e50748c6b1054754
671a9ff617aa074239334cdefe5bac7db2aa810493c9f06dbfaf837b0668c0a4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.ihaan.org
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1; expires=Thu, 01 Dec 2033 19:27:21 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.172.31 28 kB URL friendshipmale.com/sfp.js
IP 172.64.172.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 11ed86bb720ea58e2c71b5c8eed06eed
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 04 Dec 2023 19:27:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4ev3zsyIyaeA1W6rquaDA5jGtJkhF6HodgRh2CxQ4vWwxLa5y54Qfqhk4W24NsRf5lTwyjBN%2Bjyk3pD1UBWN9ATliGZhclMUnoAWFQJsw0WrzLnt6wOueMzr%2FtWbOvYAiiCXCE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8306724158e7d16c-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 0984c237e8b764a5d09060bf0bb95cc1
582a5d3f002f3c8a61dfa508e50748c6b1054754
671a9ff617aa074239334cdefe5bac7db2aa810493c9f06dbfaf837b0668c0a4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.ihaan.org
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 0984c237e8b764a5d09060bf0bb95cc1
582a5d3f002f3c8a61dfa508e50748c6b1054754
671a9ff617aa074239334cdefe5bac7db2aa810493c9f06dbfaf837b0668c0a4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.ihaan.org
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
www.ihaan.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
188.114.96.1 20 B URL www.ihaan.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 188.114.96.1:0
File type gzip compressed data, max speed\012- data
Hash 6a6322412c601e234563f3494141f234
5775250783667cd33138122c7bcf854a3409ce40
458c5a203299dd326aa747fee1bbc7709bfbd560507d1603459d9f7d9eb6be76
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: _gcl_au=1.1.232261877.1701718048
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Mon, 04 Dec 2023 19:27:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control: max-age=300, public
access-control-allow-origin: *
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2FhyxRWdZ2qO2TqQrIJ5n3Y88BWM58GsZiytxq0YIH9A3xWiBhwPkMZWW0ybG3JZIqjT4GX9ndS4h376DrLYWBnOAuMV%2Fxjh1aZnUx9HBhc6WO5YQ%2FMHIr604Ce6eAcT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 830672429eca067b-OSL
alt-svc: h2=":443"; ma=60
swindlehumorfossil.com/pixel/purst?dl=0&th=0&sc=0&rs=929&rd=929&fd=401&bv=23.12.v.2&tmpl=70
192.243.59.13 0 B URL swindlehumorfossil.com/pixel/purst?dl=0&th=0&sc=0&rs=929&rd=929&fd=401&bv=23.12.v.2&tmpl=70
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=929&rd=929&fd=401&bv=23.12.v.2&tmpl=70 HTTP/1.1
Host: swindlehumorfossil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 19:27:21 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.ihaan.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
188.114.96.1 3.6 kB URL www.ihaan.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (7415), with no line terminators
Hash 17639f3c1e37ae4ced5870e8f1bda599
f5959ee0089590bf641930009a808fe5bf2de71f
7a55557b45a3f0b19fad9c1c3a8075226af7bcf12ede752d94d31d0b0670b0dc
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: _gcl_au=1.1.232261877.1701718048
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:22 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vS4E%2FxCvvPRx1HmcNG5%2FnfQYEarP6RVS%2FKl5oW5%2BzXyvc%2FViuNou3XtOM51BuOsj2kPt0dEESqA3fd%2BrNCHjktbtdRnzMj7yr9HebmZ6kS7EzistSNBQnlzqWN5PZaQ6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83067242cee8067b-OSL
alt-svc: h2=":443"; ma=60
friendshipmale.com/sfp.js
172.64.172.31 28 kB URL friendshipmale.com/sfp.js
IP 172.64.172.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: e6d05295e4e58fc6ffd63a114cffde81
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 04 Dec 2023 19:27:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTrco%2FliUe6nzC7XQdGzv0HdYr2Uxfdj9Up%2BhjzzwFBd%2B1%2F1XsaFNJH%2B1Cr4zm43HoruxGJTs%2F2CMSfemdeR5bLLsqRYN8NvhcaDTG6yNGRFK%2BjUXCsZeXiY%2BRoxoW1AFGVBgvI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 830672424ae0d16c-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.ihaan.org/favicon.ico
188.114.96.1 3.4 kB URL www.ihaan.org/favicon.ico
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 286396fdaff6892bc1c3017eed25e6aa
e052eedfe0705f0727c214e931f4b37ce9fe00c5
e1572eebe2c14afb29423267cbfeac5bd1a5969b745fb02cd93dcb51c1d04662
GET /favicon.ico HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Cookie: _gcl_au=1.1.232261877.1701718048
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 19:27:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: BYPASS
Set-Cookie: PHPSESSID=3r9o78eh0f5ajgj35akptak0v4; path=/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tFoMigomwE5RWGcUZEg7lbKKQJc7%2FHSTqk2%2FqU83iGCt%2FgvPrKchfeYFmuyS9W5Q6rLXbkf6mwiGo%2Bhs97GRybmXS6Hh%2F4iqS3Abrw%2FjhXgd%2Fmt4abOzcbx%2BHa9tQdED"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 830672433f43067b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.ihaan.org/cdn-cgi/challenge-platform/h/b/jsd/r/8306723bcba17130
188.114.96.1 20 B URL www.ihaan.org/cdn-cgi/challenge-platform/h/b/jsd/r/8306723bcba17130
IP 188.114.96.1:0
File type gzip compressed data, from Unix\012- data
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /cdn-cgi/challenge-platform/h/b/jsd/r/8306723bcba17130 HTTP/1.1
Host: www.ihaan.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 11605
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/404error.php
Cookie: _gcl_au=1.1.232261877.1701718048; dom3ic8zudi28v8lr6fgphwffqoz0j6c=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:22 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=9LQ_1fzUxZK657AmQKqBrvv0SqNgnsHQlmFzcx0rXyg-1701718042-0-1-b5d5444a.73a07051.240dfd32-0.2.1701718042; path=/; expires=Tue, 03-Dec-24 19:27:22 GMT; domain=.ihaan.org; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhOe3or0y3eEeHHpdSro4TvsX3mKEXkWx645YIJv03MLG8aKT9qc5dTFF6JCNa%2B9fuu0YRsB2U13%2FQ1i89qrudD%2BkoVXlKR4wTEvZtowYAcDnji4wFD3R0lJVSqijPPZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83067244d894067b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 0984c237e8b764a5d09060bf0bb95cc1
582a5d3f002f3c8a61dfa508e50748c6b1054754
671a9ff617aa074239334cdefe5bac7db2aa810493c9f06dbfaf837b0668c0a4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.ihaan.org
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 0984c237e8b764a5d09060bf0bb95cc1
582a5d3f002f3c8a61dfa508e50748c6b1054754
671a9ff617aa074239334cdefe5bac7db2aa810493c9f06dbfaf837b0668c0a4
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:22 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.ihaan.org
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
104.21.86.121 0 B URL banquetunarmedgrater.com/advertisers.js
IP 104.21.86.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 19:27:22 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=172800
X-Request-ID: 9a33ba0d732e8a6089f4c4672f7686fb
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 04 Dec 2023 19:27:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NahwakwxFxCoUKHflqrHZgauZRXyRsAxznSlhmxk%2BmDBSsRxr%2FXKghKQVlMC00muXt14%2FV4uocP5KgWsbSSnl6HYbOw0sVw4UVq8yU%2B%2BqCDjXtwAXGIXbeuEShCPD%2FokZGrbUiyd39qHbuo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8306724569c50b59-OSL
alt-svc: h2=":443"; ma=60
unseenreport.com/pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=52dd8a964b2d9351a132afe7126669b6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.59.20 1 B URL unseenreport.com/pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=52dd8a964b2d9351a132afe7126669b6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=52dd8a964b2d9351a132afe7126669b6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9776aa939bca5cc9ad58fabac0168f62
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=386a413b62d1109ad974452b78d74f6c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.59.20 1 B URL unseenreport.com/pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=386a413b62d1109ad974452b78d74f6c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3093&b_frame=0&pk=386a413b62d1109ad974452b78d74f6c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e7770717620ca7f14c3fa7ba98af1dbc
Strict-Transport-Security: max-age=0; includeSubdomains
vintageperk.com/watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1
173.233.137.60 0 B URL vintageperk.com/watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1 HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.ihaan.org
Access-Control-Allow-Origin: http://www.ihaan.org
Access-Control-Allow-Credentials: true
Location: https://vintageperk.com/watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1&shu=f91981512d1175143800f816ad6eca937435e6c0c789bd3614766c5c04aa50d3df73331540fa59c2abb3d10f792d8e3d482fbf4fcc604a2eb56a1557ba2013e1441b06d02c154ae3e8de169eb319c713ba8f42afad91ea1919268adcea59ad50&pst=1701718103&rmtc=t
Set-Cookie: u_pl=15558265; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU1ODI2NSwiayI6IjgzZmQ0MGZiODhmYTYwNWRmMGEzMDk3OGM2ZmQyZTVmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzQ4MTY3LCJwaWQiOjI1NzQ4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI4LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJxdzZ3MTg0M3NyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly93d3cuaWhhYW4ub3JnLzQwNGVycm9yLnBocCIsImFyIjpbXX19.SVUYtSuJCMlXWVzXOtiR296ZH1jghwOwocDL8kRp3o0; expires=Mon, 04 Dec 2023 19:28:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 78c78eb42de5b5abe4e7f3cec55d7419
Strict-Transport-Security: max-age=0; includeSubdomains
awaydefinitecreature.com/sbar.json?key=386a413b62d1109ad974452b78d74f6c&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1
192.243.59.13 4.3 kB URL awaydefinitecreature.com/sbar.json?key=386a413b62d1109ad974452b78d74f6c&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5986), with no line terminators
Hash ddb73ce8baac77930dce969df96224fb
ce310dc131f6b5d3d989434a7ac95820b40c9b0d
83f33232165aaf4c9402115772641b71dbae95bd2b584a1a3f370d95c342ace8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=386a413b62d1109ad974452b78d74f6c&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1 HTTP/1.1
Host: awaydefinitecreature.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.ihaan.org
Access-Control-Allow-Origin: http://www.ihaan.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15583901; expires=Tue, 05 Dec 2023 19:27:22 GMT; secure; SameSite=None
uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1; expires=Mon, 11 Dec 2023 19:27:22 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
slec386a413b62d1109ad974452b78d74f6c=[4766299]; expires=Mon, 04 Dec 2023 19:27:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3915d99cf937595ab65c41679d49e075
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vintageperk.com/watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1&shu=f91981512d1175143800f816ad6eca937435e6c0c789bd3614766c5c04aa50d3df73331540fa59c2abb3d10f792d8e3d482fbf4fcc604a2eb56a1557ba2013e1441b06d02c154ae3e8de169eb319c713ba8f42afad91ea1919268adcea59ad50&pst=1701718103&rmtc=t
173.233.137.60 643 B URL vintageperk.com/watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1&shu=f91981512d1175143800f816ad6eca937435e6c0c789bd3614766c5c04aa50d3df73331540fa59c2abb3d10f792d8e3d482fbf4fcc604a2eb56a1557ba2013e1441b06d02c154ae3e8de169eb319c713ba8f42afad91ea1919268adcea59ad50&pst=1701718103&rmtc=t
IP 173.233.137.60:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash 51f8c77ed664b099516f597add8d1821
924175865a2e3c195bc5a0493d35941699c4aa0d
c9a292dbc41d6980470cf171f9cb57bbcc6b370bab883dcc59598421da01dbbe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1238033315019.js?key=83fd40fb88fa605df0a30978c6fd2e5f&kw=%5B%22404%22%2C%22error%22%2C%22ihaan%22%2C%22org%22%2C%22-%22%2C%22build%22%2C%22dofollow%22%2C%22backlinks%22%2C%22to%22%2C%22boost%22%2C%22your%22%2C%22website%22%5D&refer=http%3A%2F%2Fwww.ihaan.org%2F404error.php&tz=0&dev=e&res=14.3093&uuid=d46cbb1d-73a6-4910-80a5-15bfd412b099%3A3%3A1&shu=f91981512d1175143800f816ad6eca937435e6c0c789bd3614766c5c04aa50d3df73331540fa59c2abb3d10f792d8e3d482fbf4fcc604a2eb56a1557ba2013e1441b06d02c154ae3e8de169eb319c713ba8f42afad91ea1919268adcea59ad50&pst=1701718103&rmtc=t HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
Referer: http://www.ihaan.org/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15558265; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU1ODI2NSwiayI6IjgzZmQ0MGZiODhmYTYwNWRmMGEzMDk3OGM2ZmQyZTVmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzQ4MTY3LCJwaWQiOjI1NzQ4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI4LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJxdzZ3MTg0M3NyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly93d3cuaWhhYW4ub3JnLzQwNGVycm9yLnBocCIsImFyIjpbXX19.SVUYtSuJCMlXWVzXOtiR296ZH1jghwOwocDL8kRp3o0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.ihaan.org
Access-Control-Allow-Origin: http://www.ihaan.org
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1; expires=Mon, 11 Dec 2023 19:27:23 GMT; secure; SameSite=None
iprc21ed0525e7d04623ca051080c752b0bc=2717343; expires=Tue, 05 Dec 2023 21:27:23 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 05 Dec 2023 19:27:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c8a36337bf884aa56b37e68e02a3c5b0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
awaydefinitecreature.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRudTfKrfqIgSoMA6QqKIOHz7t3u3S0pIkKwsTC2lT9yQTWzs3sePDezmtm9PR%2BNRSSU8oJS0CCt39mxAlFEKJGQ0JkGLCH5KJALLCFq0iClRnc%2B6eAr5vve96Z47818tpefEQ85Pd34UPeFlHQxqLqVq5tCcV3YytqdiudW3WuVTaEa%2FrVKb3KY7tueG1TdNyvLcbStF2uu57qe61WWhIkT3VucshDpk9Crhm7Vr1W9wEfP%2FBfb3IGlDnj3jFyG4OP%2Fbf30DCIaQXW%2BuRnb7Uynb73XySXNtEGXH95V20oXCp35mBgHiTqc3Ya2Y0K%2BuACtDmcOoLv7EwdgYkyc3zwwdTiTCdY9OFfKJGIFxv%2BPojtCLEcQdIRI34PgJwSIONbWoTqP1rQp6M45SyfsmFx68TdEMSaXfr8C1Xl6Q4pe5baWeSa0suglJURvBNEeIc2PkPUdiOIIUfYpBP%2BFLL5Yhersr1upIfjpG9xvRIx5fKFZp40FP%2FTchZZLgwUvYAn3vRpzw3AakRAjiGQEGQ9A7UXk1kEuHOSJgzx10OGnFRqEies2E5bU6y0%2FiqJ6PYqCVoMHvO63Ehd5NPEwQJYOEMkBIrOL1OxiWzw4CS7D5D%2FAbpWw3IHNCLq8RBETFJagoASFICgygqJbHnBpa7Z8xKXNmTfrtVmvl0Odtffogc7asSKgZrCXnpGXp%2Fn99fOX2I5PK%2FVWg%2FpenTVq3PPckPKw6ftBjTVbvOknjQhWlBD2Aqh10BdjcuXzZaTihD8Eo0ew8giReA00fx20GDZrLujW0G%2B56KvHYotSVdWmDa5LpNklZDvOnjwjr0wlvP%2FdR4ij4%2BsP%2B38sP73yCSJTIjUlPhY%2FErTl%2FeEtXZD9W7qw5Nl6momO6NPJ897OaBZf%2FOqDeKfQhq%2FctIPH70QTYjI%2BuRPbbJUqLlTbkq9vCM5js6RNFJPvV%2BxmzDZyu3UjNypPVzfeXVrppCa2Vmg1AhVjQp5%2Fi0iMyUvP7fTrXr37J4QZweQlOvkxmRWEPkKU7sKm853VBEbOMUsdFHk5NDU2X0pBIOM5pqyE%2FRdm83nP3kfbOKDZPahOia4p0ZUlqBzA5heHWWqOr%2F9anxaYdIZMGmefSSMfnIdrxWklDhI3id1azJKQJU3q8jDxQ0ZDL26ygHrI7DhWV1%2F9BwAA%2F%2F8BAAD%2F%2F5OO2%2B%2BSBAAA
192.243.59.13 7 B URL awaydefinitecreature.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRudTfKrfqIgSoMA6QqKIOHz7t3u3S0pIkKwsTC2lT9yQTWzs3sePDezmtm9PR%2BNRSSU8oJS0CCt39mxAlFEKJGQ0JkGLCH5KJALLCFq0iClRnc%2B6eAr5vve96Z47818tpefEQ85Pd34UPeFlHQxqLqVq5tCcV3YytqdiudW3WuVTaEa%2FrVKb3KY7tueG1TdNyvLcbStF2uu57qe61WWhIkT3VucshDpk9Crhm7Vr1W9wEfP%2FBfb3IGlDnj3jFyG4OP%2Fbf30DCIaQXW%2BuRnb7Uynb73XySXNtEGXH95V20oXCp35mBgHiTqc3Ya2Y0K%2BuACtDmcOoLv7EwdgYkyc3zwwdTiTCdY9OFfKJGIFxv%2BPojtCLEcQdIRI34PgJwSIONbWoTqP1rQp6M45SyfsmFx68TdEMSaXfr8C1Xl6Q4pe5baWeSa0suglJURvBNEeIc2PkPUdiOIIUfYpBP%2BFLL5Yhersr1upIfjpG9xvRIx5fKFZp40FP%2FTchZZLgwUvYAn3vRpzw3AakRAjiGQEGQ9A7UXk1kEuHOSJgzx10OGnFRqEies2E5bU6y0%2FiqJ6PYqCVoMHvO63Ehd5NPEwQJYOEMkBIrOL1OxiWzw4CS7D5D%2FAbpWw3IHNCLq8RBETFJagoASFICgygqJbHnBpa7Z8xKXNmTfrtVmvl0Odtffogc7asSKgZrCXnpGXp%2Fn99fOX2I5PK%2FVWg%2FpenTVq3PPckPKw6ftBjTVbvOknjQhWlBD2Aqh10BdjcuXzZaTihD8Eo0ew8giReA00fx20GDZrLujW0G%2B56KvHYotSVdWmDa5LpNklZDvOnjwjr0wlvP%2FdR4ij4%2BsP%2B38sP73yCSJTIjUlPhY%2FErTl%2FeEtXZD9W7qw5Nl6momO6NPJ897OaBZf%2FOqDeKfQhq%2FctIPH70QTYjI%2BuRPbbJUqLlTbkq9vCM5js6RNFJPvV%2BxmzDZyu3UjNypPVzfeXVrppCa2Vmg1AhVjQp5%2Fi0iMyUvP7fTrXr37J4QZweQlOvkxmRWEPkKU7sKm853VBEbOMUsdFHk5NDU2X0pBIOM5pqyE%2FRdm83nP3kfbOKDZPahOia4p0ZUlqBzA5heHWWqOr%2F9anxaYdIZMGmefSSMfnIdrxWklDhI3id1azJKQJU3q8jDxQ0ZDL26ygHrI7DhWV1%2F9BwAA%2F%2F8BAAD%2F%2F5OO2%2B%2BSBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRudTfKrfqIgSoMA6QqKIOHz7t3u3S0pIkKwsTC2lT9yQTWzs3sePDezmtm9PR%2BNRSSU8oJS0CCt39mxAlFEKJGQ0JkGLCH5KJALLCFq0iClRnc%2B6eAr5vve96Z47818tpefEQ85Pd34UPeFlHQxqLqVq5tCcV3YytqdiudW3WuVTaEa%2FrVKb3KY7tueG1TdNyvLcbStF2uu57qe61WWhIkT3VucshDpk9Crhm7Vr1W9wEfP%2FBfb3IGlDnj3jFyG4OP%2Fbf30DCIaQXW%2BuRnb7Uynb73XySXNtEGXH95V20oXCp35mBgHiTqc3Ya2Y0K%2BuACtDmcOoLv7EwdgYkyc3zwwdTiTCdY9OFfKJGIFxv%2BPojtCLEcQdIRI34PgJwSIONbWoTqP1rQp6M45SyfsmFx68TdEMSaXfr8C1Xl6Q4pe5baWeSa0suglJURvBNEeIc2PkPUdiOIIUfYpBP%2BFLL5Yhersr1upIfjpG9xvRIx5fKFZp40FP%2FTchZZLgwUvYAn3vRpzw3AakRAjiGQEGQ9A7UXk1kEuHOSJgzx10OGnFRqEies2E5bU6y0%2FiqJ6PYqCVoMHvO63Ehd5NPEwQJYOEMkBIrOL1OxiWzw4CS7D5D%2FAbpWw3IHNCLq8RBETFJagoASFICgygqJbHnBpa7Z8xKXNmTfrtVmvl0Odtffogc7asSKgZrCXnpGXp%2Fn99fOX2I5PK%2FVWg%2FpenTVq3PPckPKw6ftBjTVbvOknjQhWlBD2Aqh10BdjcuXzZaTihD8Eo0ew8giReA00fx20GDZrLujW0G%2B56KvHYotSVdWmDa5LpNklZDvOnjwjr0wlvP%2FdR4ij4%2BsP%2B38sP73yCSJTIjUlPhY%2FErTl%2FeEtXZD9W7qw5Nl6momO6NPJ897OaBZf%2FOqDeKfQhq%2FctIPH70QTYjI%2BuRPbbJUqLlTbkq9vCM5js6RNFJPvV%2BxmzDZyu3UjNypPVzfeXVrppCa2Vmg1AhVjQp5%2Fi0iMyUvP7fTrXr37J4QZweQlOvkxmRWEPkKU7sKm853VBEbOMUsdFHk5NDU2X0pBIOM5pqyE%2FRdm83nP3kfbOKDZPahOia4p0ZUlqBzA5heHWWqOr%2F9anxaYdIZMGmefSSMfnIdrxWklDhI3id1azJKQJU3q8jDxQ0ZDL26ygHrI7DhWV1%2F9BwAA%2F%2F8BAAD%2F%2F5OO2%2B%2BSBAAA HTTP/1.1
Host: awaydefinitecreature.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Cookie: u_pl=15583901; uid_id2=d46cbb1d-73a6-4910-80a5-15bfd412b099:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 452431912a3304328c2d690fb5def6d6
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.3 478 B URL cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 5a7df8dcac4cde2aeadb9f07a622d3fa
4044f12fce935458c93ef71de58ac6bf97b28bba
ccec003eccd7e299f825c7e48ba721d529f1c110bb5b60c60a18dca61cb6b45a
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ihaan.org
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:23 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 04 Dec 2023 20:27:23 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15558265
192.243.61.227 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15558265
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (444)
Hash 99be224b910ce92c92d7026aff1712a9
e9888b80786a8c92d310d184f6f1e0d04f7e0d65
22d05494224f2f8423c332171f4f5fa4e7723084dc95e3fcd28575519136e5cf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15558265 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ihaan.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Tue, 05 Dec 2023 19:27:23 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTU1NTgyNjUiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5paGFhbi5vcmcvIiwiYXIiOltdfX0.bpJt8C4tgRNp9cJ8Lq7H0TUGDAx-PXqQAoc9lw_dKXo; expires=Mon, 04 Dec 2023 19:28:23 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b00e8503079fbbbaba8af5e193ab3568
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTU4MjY1JnBzdD0xNzAxNzE4MTAzJnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cuaWhhYW4ub3JnJTJGJnJtdGM9dCZzaHU9ZTc2YTE4Yjc0NjJkMTNhZTcxOTcwNWEwOWI3NGM1NmFkNzdlNjQwNGU4OTRjY2I5NzkwODkxMTcwMDA3YjVjYWM2YjVjNDIxN2Q5NTRiNjk3NDM4M2M1YmY4YTQ2Y2E2ZDY1YWFlZDc4NGE5ZjBmNzVkMDc5NjVjNTk5NzFkOGJlN2M4ODI0NGU0NGY2ZmQwMmJlMThjZTFiYzQyYWQ4ZDExZGJiMQ%3D%3D&uuid=&pii=&in=false
192.243.61.227 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTU4MjY1JnBzdD0xNzAxNzE4MTAzJnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cuaWhhYW4ub3JnJTJGJnJtdGM9dCZzaHU9ZTc2YTE4Yjc0NjJkMTNhZTcxOTcwNWEwOWI3NGM1NmFkNzdlNjQwNGU4OTRjY2I5NzkwODkxMTcwMDA3YjVjYWM2YjVjNDIxN2Q5NTRiNjk3NDM4M2M1YmY4YTQ2Y2E2ZDY1YWFlZDc4NGE5ZjBmNzVkMDc5NjVjNTk5NzFkOGJlN2M4ODI0NGU0NGY2ZmQwMmJlMThjZTFiYzQyYWQ4ZDExZGJiMQ%3D%3D&uuid=&pii=&in=false
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1NTU4MjY1JnBzdD0xNzAxNzE4MTAzJnJlZmVyPWh0dHAlM0ElMkYlMkZ3d3cuaWhhYW4ub3JnJTJGJnJtdGM9dCZzaHU9ZTc2YTE4Yjc0NjJkMTNhZTcxOTcwNWEwOWI3NGM1NmFkNzdlNjQwNGU4OTRjY2I5NzkwODkxMTcwMDA3YjVjYWM2YjVjNDIxN2Q5NTRiNjk3NDM4M2M1YmY4YTQ2Y2E2ZDY1YWFlZDc4NGE5ZjBmNzVkMDc5NjVjNTk5NzFkOGJlN2M4ODI0NGU0NGY2ZmQwMmJlMThjZTFiYzQyYWQ4ZDExZGJiMQ%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTU1NTgyNjUiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5paGFhbi5vcmcvIiwiYXIiOltdfX0.bpJt8C4tgRNp9cJ8Lq7H0TUGDAx-PXqQAoc9lw_dKXo; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=301354ddeb1f10aa7db67b7e79c47f50&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprc4a16d8e1e36ddee7bde0df3e8de7dfbc=4641329; expires=Tue, 05 Dec 2023 19:27:24 GMT
pdhtkv=true; expires=Tue, 05 Dec 2023 19:27:24 GMT
uncs=1; expires=Tue, 05 Dec 2023 19:27:24 GMT
pdhtkv28=true; expires=Tue, 05 Dec 2023 19:27:24 GMT
uncs28=1; expires=Tue, 05 Dec 2023 19:27:24 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5a9f5236f4f0144ab5e4ba4997ad2f93
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=301354ddeb1f10aa7db67b7e79c47f50&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=301354ddeb1f10aa7db67b7e79c47f50&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=301354ddeb1f10aa7db67b7e79c47f50&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Mon, 04 Dec 2023 19:27:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9fv1mq5a1; expires=Tue, 05-Dec-2023 19:27:25 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9fv1mq5a1-h9fv1mq5a1-hq1m-0-q5a4bl-ftxofe-ft8pdz-11ac22; expires=Tue, 05-Dec-2023 19:27:25 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=23637h9fv1mq5a1e69&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=23637h9fv1mq5a1e69&sub_id=16122660
104.21.22.161 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=23637h9fv1mq5a1e69&sub_id=16122660
IP 104.21.22.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=23637h9fv1mq5a1e69&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 04 Dec 2023 19:27:25 GMT
content-length: 0
location: https://vvfal.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
set-cookie: zKByXHsQK0ydGD7DogbGyA=7; max-age=345600; path=/; samesite=lax
__pl=9c9f1efe-84a3-4259-8ac0-ba9fbdca94fb; expires=Thu, 04 Dec 2025 19:27:25 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uyr8zpAlBGZVaqqUGZHCz5%2BspIshC%2F%2BPfCC4Y4mkezmEkQrFsV%2F%2FyoSrir8YsygvCRv4rh%2FzEEXvaer8z8Xbw9lUeckbRwPxxG6WI0g%2F1rsd8QXd%2FkjiLBOsQDLW7y2tlv2%2BNZ1xJ%2Bf50Gr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83067256bc027129-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.stonecarv.top/favicon.ico
172.64.166.10 0 B URL vvfal.stonecarv.top/favicon.ico
IP 172.64.166.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Mon, 04 Dec 2023 19:27:25 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 221
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjMOap4TapQQqwksTkgISxe6el%2FTffk07Ud%2BOm%2FrOJuV8OaVFALbITtVTsL0fXBqAX8xqUoQ1ah7%2FSNNalf2AKhQFP7gB1ATzFKhZqg%2BmY58%2FUBJj6ivMcpm%2F1pywsVxLckDyd7O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8306725b2ffa63c2-LHR
alt-svc: h3=":443"; ma=86400
vvfal.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
172.64.166.10 39 kB URL vvfal.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
IP 172.64.166.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20700), with CRLF line terminators
Hash 7aeec8b7b85b9b4f4fe3b382f4a882c6
0ff74b06c9382afec2145ea4d5b9312fcbc1c243
c134a426f134ff6d4998efd9df045f3b359d37bc92beaf7c90e7a81a3dc96779
GET /youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345 HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:25 GMT
content-type: text/html
last-modified: Mon, 04 Dec 2023 09:44:39 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uu4448ocN9I87TLtyUuKShYwRUcaIX2%2F6HjuE2ygn%2BZfMdSKLsjdUqxT4OG55ReXRwqY6fOZql43zcZiOoU1xnArqobONiOlAaE1SB57RAZV5PUWESww5qp71gbuvtgMzMfVETBc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83067257b8fd8871-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.99 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 16:24:50 GMT
expires: Tue, 03 Dec 2024 16:24:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 10956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
a.stonecarv.top/favicon.ico
172.64.166.10 0 B URL a.stonecarv.top/favicon.ico
IP 172.64.166.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: a.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Mon, 04 Dec 2023 19:27:26 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2648
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5R86Yxh4HliY498jS3guM3PbsX4GTh3IOQaAIA36tLilfC3UU7yYBIbABnoFrfxZO3A5jnTPPjdM0rkMIIeUFJvSQbVZTC7f34tT4o1o49Vfja5MulRjH2649%2B2EzG3STJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8306725f6f7b63c2-LHR
alt-svc: h3=":443"; ma=86400
cdnstatic.stonecarv.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
172.64.166.10 9.5 kB URL cdnstatic.stonecarv.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP 172.64.166.10:0
File type ASCII text, with CRLF line terminators
Hash 512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a
GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Cookie: __psu=cdc2de9b-9ef2-4e0c-9f6d-83e5959e1ea4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 19:27:26 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJ5bZg%2FcLGLfznUxOTVJ1tWQUZNEEjIit91QQ0elX7sXdxpcDiBdvhyKi5N7llYWxUXmOLLUAa3Kq9wdjXdsAQT6t8uiGbboM66jLMFblxzCPICBjbUaDzVSFsSIkJu9EXVquCJ82mcbjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8306725f9fe563c2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.99 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.stonecarv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 16:24:50 GMT
expires: Tue, 03 Dec 2024 16:24:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 10956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vvfal.stonecarv.top/youtube/assets/trls.js
172.64.166.10 2.9 kB URL vvfal.stonecarv.top/youtube/assets/trls.js
IP 172.64.166.10:0
File type Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash 709bf95e5090d5ab9c1d5dd7f1a86d5b
ad43e17c491ccacbefeab7454c0e5bc4fe33f380
dafebe85a2439f7bdb03df03df905b7d2f1ec99d8cd9c1cb1808541a7498ea99
GET /youtube/assets/trls.js HTTP/1.1
Host: vvfal.stonecarv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.stonecarv.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=23637h9fv1mq5a1e69&sub_id=16122660&nrid=99cdb14e50dc4554a0bf222399dcf60b&hash=K-imB8pP_O2_nWEbCS7dEA&exp=1701718345
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 19:27:25 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 09:44:39 GMT
etag: W/"656d9f87-1bbe"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6478
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXep20eOE2RmiwF7fazIEawqZ6UHj8ZTUdNk2XV4T0TCOyw7QCBGoE4aeUvVssIcHEuPWcDCDfCk8l54i3rfK0vClubfyrwIbUdf%2Biwk6L2prnzKXkfrLjHVnCVm84Xx1QKPjUcg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830672599d8e63c2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNzE4MTA3JnJtdGM9dCZzaHU9YTJkMDcwMzYwYjQ0MTEwMjYwN2E1NDA4NGQ3MzkwMzVmYWMxNzdiYjZkYTEyOWNmZmJjNjY0MDM5N2Q3OGIzZTcyMzEyNmZiYzk1MmNhMDRhZmQ3ZWRlYjA0NzA4ZjExZmE1NDNiMTM1ZjRiYTU0YTNlZTkyZDQ1M2JmMGVmMjA5NDYwZTNkMjdlNzY5MmQ1ZTkxNDVjMjA2YzJiOWNmZWIwY2IzMGZmMjcyMGY0ZDkyOGYwNGJhZGZkYzY5NTlkM2Q%3D&uuid=&pii=&in=false
173.233.137.60302 Found 0 B URL User Request GET HTTP/1.1 www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNzE4MTA3JnJtdGM9dCZzaHU9YTJkMDcwMzYwYjQ0MTEwMjYwN2E1NDA4NGQ3MzkwMzVmYWMxNzdiYjZkYTEyOWNmZmJjNjY0MDM5N2Q3OGIzZTcyMzEyNmZiYzk1MmNhMDRhZmQ3ZWRlYjA0NzA4ZjExZmE1NDNiMTM1ZjRiYTU0YTNlZTkyZDQ1M2JmMGVmMjA5NDYwZTNkMjdlNzY5MmQ1ZTkxNDVjMjA2YzJiOWNmZWIwY2IzMGZmMjcyMGY0ZDkyOGYwNGJhZGZkYzY5NTlkM2Q%3D&uuid=&pii=&in=false
IP 173.233.137.60:443
Certificate IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNzE4MTA3JnJtdGM9dCZzaHU9YTJkMDcwMzYwYjQ0MTEwMjYwN2E1NDA4NGQ3MzkwMzVmYWMxNzdiYjZkYTEyOWNmZmJjNjY0MDM5N2Q3OGIzZTcyMzEyNmZiYzk1MmNhMDRhZmQ3ZWRlYjA0NzA4ZjExZmE1NDNiMTM1ZjRiYTU0YTNlZTkyZDQ1M2JmMGVmMjA5NDYwZTNkMjdlNzY5MmQ1ZTkxNDVjMjA2YzJiOWNmZWIwY2IzMGZmMjcyMGY0ZDkyOGYwNGJhZGZkYzY5NTlkM2Q%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTg1NDkwNSwiayI6IjdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNzIyNjE4LCJwaWQiOjI0MDE2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyOCwicHQiOjQsInBrIjoiemo3N25jY25icyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 19:27:28 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Tue, 05 Dec 2023 19:27:28 GMT
uncs=1; expires=Tue, 05 Dec 2023 19:27:28 GMT
pdhtkv28=true; expires=Tue, 05 Dec 2023 19:27:28 GMT
uncs28=1; expires=Tue, 05 Dec 2023 19:27:28 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c68bb31499f2d0d44a1df0f213fd5965
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
13.107.213.53307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 04-Dec-3022 19:27:28 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0IChuZQAAAADFJ4XKH81rQ6BLnEHqEFXpU1ZHMjBFREdFMDUyMgAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Mon, 04 Dec 2023 19:27:27 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
85.184.96.28301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 19:27:28 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node08a7mxjueu9q7irrrn5g8mhgt7461544.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 19:27:28 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 19:27:28 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Wed, 03-Dec-2025 19:27:28 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 04 Dec 2023 19:27:28 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
85.184.96.28301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 19:27:28 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 04 Dec 2023 19:27:28 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.43.104302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Mon, 04 Dec 2023 19:27:28 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 8306726d5df45691-OSL
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 957 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash e19225e3eb562a3b6a86f7b8b47c38fb
ce3eb55448afd8fc9dfa4ac82f8743a009d5e142
c152526a02cb050650847e999ae141eae985472fbf73c5a843160b3b6bb06f79
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: application/javascript
content-length: 957
last-modified: Mon, 25 Apr 2022 12:18:31 GMT
etag: "3bd-5dd799309c310"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:51:14 GMT
expires: Fri, 29 Nov 2024 02:51:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 405374
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.43.104302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Mon, 04 Dec 2023 19:27:29 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 8306726f78a55691-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.43.104200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 8306726f78a95691-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 308894
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.43.104200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 8306726f78be5691-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 407542
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 397795
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 388674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28200 OK 112 kB IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type gzip compressed data\012- data
Size 112 kB (112531 bytes)
Hash 7b4661732ba39385cbb352f9917303c5
aadc6a9542a52a5f5cf856558b66f737c9ba2a45
19ddb061ce9e4721a5a34c90a6106b27ce875dad53cdc4765286544e831ca4ff
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: text/html;charset=utf-8
x-request-id: 1a135906ab9f8f5a60ac0e0865ea1dd8
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Mon, 04 Dec 2023 19:27:46 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.43.104200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 41acdc0efbe24c5e799972ff33c90259
1e5df73ad5bfb5f075815bcb520fabe2e107fe2d
1a91fab46f128a63c74943fe6db7de41509d69ae9f4e36aab9f984cac94fa451
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d4dd35691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 479775
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.43.104200 OK 69 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text
Hash ac64b59c98bbe50cf69b6c98fa39585c
0a5cc9fb43b8a208481baaf752dbd504078a764b
28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 8306726d4dbc5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 311437
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.140.13200 OK 54 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.140.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2273069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvb4di5TtlxkhJ3onJo%2FyU2YKhNcRqKuKGEgP42ME%2BaEnNNhaAcp7JO1FZJEQ7wlX8EogcEGdEnvDruDuZaHEnmgvBGCzDA9v%2FdfJsBSKZA7CYWyZJenBgKQuusMrUuUrvMlEHhf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8306726dfc8d7798-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.43.104200 OK 966 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Hash 60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d5def5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 409781
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.43.104200 OK 22 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: text/css; charset=utf-8
cf-ray: 8306726d3dac5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 394768
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.43.104200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d4dd55691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 314095
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.43.104200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d5df25691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 301146
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.43.104200 OK 32 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d5df65691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 479851
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.43.104200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Hash e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d5de15691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 397620
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.43.104200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d4dd15691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 486200
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.43.104200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d5de35691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 406159
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.43.104200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: image/x-icon
cf-ray: 8306727049c25691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 479705
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.17.127.249200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 558
vary: Accept-Encoding
server: cloudflare
cf-ray: 83067273284456b4-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
104.18.43.104200 OK 15 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 8306726ef80a5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 300229
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Hash 631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Mon, 04 Dec 2023 19:27:29 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.17.127.249200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 323
vary: Accept-Encoding
server: cloudflare
cf-ray: 83067271dea456b4-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 424236
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.43.104200 OK 13 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: image/svg+xml
cf-ray: 8306726d4dda5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 401923
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.43.104200 OK 4.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Hash cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 8306726d3daf5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 216890
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.106200 OK 6.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.106:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (6530), with no line terminators
Hash feddc562097e437af08febef83792dbe
4d1d430f50e555657f1a135bcf655877597b38ca
284e88ea80c2a259fedfeb2cd060bd55616e22a73693c779061741385239c46b
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 19:27:28 GMT
date: Mon, 04 Dec 2023 19:27:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 192 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Size 192 kB (192178 bytes)
Hash 0885efe969aab789a68ca6b8f962ff45
1ca8aa06584442f142bf3218bb393fa9d4df4b78
cc8b35e13288e834320a164be61ba993c5f3366a16431811ddb21ad4246ea824
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 19:27:29 GMT
expires: Mon, 04 Dec 2023 19:27:29 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67319
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.140.13200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.140.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 476350
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ua%2B7GjvGveJXpvVu77fS9LRr5d7y2sk68jDyOMtKi4WAOxqBkRvhw%2BFSlrqhvXXBRdBg9MhoV%2FnOQ7YjMOn2g4IBEQwfehdm1S%2F2Kb6Ur93cBtRhK9KebDLsAC7LDtYFnsLxyYI%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8306726f9e837798-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 14:00:57 GMT
vary: Accept-Encoding
etag: W/"656ddb99-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.43.104200 OK 5.9 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (6078), with no line terminators
Hash f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: application/javascript
cf-ray: 8306726d4dcd5691-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 407636
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 1.8 kB URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (1881), with no line terminators
Hash 695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210666423060%7c1%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.17.127.249200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:29 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 424
vary: Accept-Encoding
server: cloudflare
cf-ray: 83067271dea656b4-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
104.18.43.104200 OK 17 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521
IP 104.18.43.104:443
Certificate IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701718048203)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231241927%22%7d%5d; __ucbt=node08a7mxjueu9q7irrrn5g8mhgt7; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7E62C502BA474F52A8416B1BD1DE4F50; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7E62C502BA474F52A8416B1BD1DE4F50%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 19:27:28 GMT
content-type: text/html; charset=utf-8
cf-ray: 8306726b1a8e5691-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89193804-601e-0065-66e7-26bc46000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_7E62C502BA474F52A8416B1BD1DE4F50;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2