cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
185.77.97.170 24 kB URL cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13816), with CRLF, LF line terminators
Hash 1f863bc75d200bf611e88d3141c2211a
f8bf03fcca7f46e5a0a3564dc22d736db9f664c8
785cdf728a87984a8fd715ece2377faf0689e1924c5b2434099c9c764553a7fc
GET /ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:10:59 GMT
content-type: text/html; charset=UTF-8
content-length: 23740
x-powered-by: PHP/7.4.33
link: <https://cineycortosgay.com/wp-json/>; rel="https://api.w.org/", <https://cineycortosgay.com/wp-json/wp/v2/posts/6830>; rel="alternate"; type="application/json", <https://cineycortosgay.com/?p=6830>; rel=shortlink
etag: "73625-1701291439;br"
x-litespeed-cache: hit
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 170ea31259a9e3cc1f2e80682ca58ed8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.307
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/age-gate/dist/main.css?ver=3.3.1
185.77.97.170 2.6 kB URL cineycortosgay.com/wp-content/plugins/age-gate/dist/main.css?ver=3.3.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type ASCII text, with very long lines (10106)
Hash 5bf9635d5c7f363cee6ae6c10c3416c6
1fa03030bc9783e851f458960cc1708e75e2d2b4
31ded3b70629bcdfdd79e23541237a1690cea864c6c8b15eeba36c135630eec3
GET /wp-content/plugins/age-gate/dist/main.css?ver=3.3.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
content-length: 2583
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Wed, 22 Nov 2023 20:42:51 GMT
etag: "32e4-655e67cb-b687579617fd814c;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 63dc1f9e1a1ff95adf58ab1776c0b2db-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.309
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1
185.77.97.170 1.5 kB URL cineycortosgay.com/wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Hash e4427e2d023ec2999bb044643b8750e3
fce308b16d9db8ecf7c567e4aacf18c2c812aa9f
604f09bba03e892de38159b1d2a9176cd244419af15398a1043db516d676a4e2
GET /wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
content-length: 1450
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "259c-63ce0c47-e4e916860c6377bd;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 5cb3a7e7ffcd1b9e7e3bfc434839c7b9-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.307
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
185.77.97.170 541 B URL cineycortosgay.com/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Hash 8f7651f15cf1ffb98472eed10c4057dd
1492fade26e31ace938ae21a0c41a840decb61b8
9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d
GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
content-length: 541
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Sun, 22 Oct 2023 05:32:48 GMT
etag: "a99-6534b400-d2fca4d25b79373a;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: f73028e190c9f2078e1bfc3a1c124c0d-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.313
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/styles/style-mobile.css?ver=1.8.1
185.77.97.170 1.8 kB URL cineycortosgay.com/wp-content/themes/tempera/styles/style-mobile.css?ver=1.8.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Hash d1b9f60db7f165dd2c0c7bdb837d55da
777defbe2800cfa3efc1313d05889950a63803fb
d53ffdb499feab4bc59be9232ebac274cdfe57d16961a7db2d186bb71b5b21c7
GET /wp-content/themes/tempera/styles/style-mobile.css?ver=1.8.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
content-length: 1814
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "1d0a-63ce0c47-4bb4092acd632f5c;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 47e8f6e201ac8b6cb77664d6b0e353dc-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.315
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/style.css?ver=1.8.1
185.77.97.170 12 kB URL cineycortosgay.com/wp-content/themes/tempera/style.css?ver=1.8.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type ASCII text, with very long lines (1083)
Hash 21430ef8eaf7832ed1cda46ebde0e036
0cb76e50e84be012e71f95d870562acb091c94e6
89dbdb66193e62819577b614ac54bab88885df9bd1df760a89418826c5b526c6
GET /wp-content/themes/tempera/style.css?ver=1.8.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
content-length: 12057
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "e352-63ce0c47-8df700859306c5c0;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 0bb42bf163e7e2b0a2671a2866252dff-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.320
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.4.1
185.77.97.170 316 B URL cineycortosgay.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.4.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Hash 110e06930c2043d5439adeb9999f07f5
1294fd7195b1c2652c3627fe7a57f71d447313b3
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767
GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=6.4.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 316
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Sun, 22 Oct 2023 05:32:48 GMT
etag: "3f9-6534b400-54c202cb1a196b7f;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: af0d5f5509e179a0f9f7a02612f079c1-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.312
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/images/socials/Instagram.png
185.77.97.170 822 B URL cineycortosgay.com/wp-content/themes/tempera/images/socials/Instagram.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 85279f75c6edf1307b6a2c1610d64d99
98d9ad6b47be9a97a67b054f11d742648300c354
82328f8dc8acef320abe5d55f0fecf60e40bfcfb0687327711328117eb42d8e6
GET /wp-content/themes/tempera/images/socials/Instagram.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: image/webp
content-length: 822
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: 7f27d047fbb03d56d8762cfe7f625ea1-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.309
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/images/socials/YouTube.png
185.77.97.170 564 B URL cineycortosgay.com/wp-content/themes/tempera/images/socials/YouTube.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9e3bc528a477ce8bc2cc1a50cd1a6028
e003a201e811f2e0dee9bdb5c69db25e317d638c
aafe99dc8fab54a48f503b763ce5452e6e64522c3bb44165e53dccf03308c1b0
GET /wp-content/themes/tempera/images/socials/YouTube.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: image/webp
content-length: 564
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: 85549e1744ea106bf4fb98bd41c3bb03-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.318
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/images/socials/Pinterest.png
185.77.97.170 828 B URL cineycortosgay.com/wp-content/themes/tempera/images/socials/Pinterest.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash bd2662d0aebda8fa1a83811777284867
1f4f830c8a6b265c50d0f024f114363f867b725f
abcdd0593e6c478b28c0d3e34ef64210e9373bddb63ccbb2692c5b99c2c9128a
GET /wp-content/themes/tempera/images/socials/Pinterest.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: image/webp
content-length: 828
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: 22a45777ab332e2fb2051f7d4f247d94-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.318
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/age-gate/dist/focus.js?ver=3.3.1
185.77.97.170 4.2 kB URL cineycortosgay.com/wp-content/plugins/age-gate/dist/focus.js?ver=3.3.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type ASCII text, with very long lines (12388)
Hash d1f031f56df46817caa9570bb739b05f
99eaff28f18978157d1d9b6ea03dc00ec239f40f
1a0aa96689d4507342715c1a9eb876174fb85bdc8324bf6b75062ec16e80573b
GET /wp-content/plugins/age-gate/dist/focus.js?ver=3.3.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 4158
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Wed, 22 Nov 2023 20:42:51 GMT
etag: "30a3-655e67cb-272aa8c38312b5f7;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 0505b2dc95ae9e9f41c1f1efcbc5a0d8-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.307
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/images/socials/Twitter.png
185.77.97.170 634 B URL cineycortosgay.com/wp-content/themes/tempera/images/socials/Twitter.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b803caf277bfbced776be6ae1204744
4dc37065e57b1e5731c41ed6ff834d28b08cf5ea
8bf6b305ff9ad5f056fae676b205cf71070c45252c4001eba9a8795e5129f4e9
GET /wp-content/themes/tempera/images/socials/Twitter.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: image/webp
content-length: 634
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: 62eda802ae5f6b6688673c40e40eeba2-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.317
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
185.77.97.170 330 B URL cineycortosgay.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type ASCII text, with very long lines (701), with no line terminators
Hash 328b8123661abdd5f4a0c695e7aa9dcc
4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 330
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Wed, 22 Nov 2023 20:42:56 GMT
etag: "2bd-655e67d0-2d89dc8379e5008c;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 11418e187047e302fe406349ed764026-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.317
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/js/frontend.js?ver=1.8.1
185.77.97.170 2.6 kB URL cineycortosgay.com/wp-content/themes/tempera/js/frontend.js?ver=1.8.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
Hash 0810b0155638e0015271dcf4ae3f48fe
8467529a32a860e5dbb785350db60635c8eb50f9
6880959b58ff8a71c29dfe2a445b569bc1563334c4ffbabc7cba2541c90f0864
GET /wp-content/themes/tempera/js/frontend.js?ver=1.8.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 2593
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "1d4c-63ce0c47-fa9e6d197ca17a2;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: e3d0d06de8e52881de98371b9eed88e0-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.313
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/age-gate/dist/all.js?ver=3.3.1
185.77.97.170 23 kB URL cineycortosgay.com/wp-content/plugins/age-gate/dist/all.js?ver=3.3.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type Unicode text, UTF-8 text, with very long lines (65443)
Hash 46144a24635819f8dd536b081cfcf1ee
1a74d7ba743e275a85b2bfaee10376933cfd144d
d70edc93cebcce09f441bd40adc84c20cb783639f1681bae18b30baf85849cf2
GET /wp-content/plugins/age-gate/dist/all.js?ver=3.3.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 23372
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Wed, 22 Nov 2023 20:42:51 GMT
etag: "1274a-655e67cb-54dd8e22b5d45c12;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: bec0369e32b94c178d780481f6c7363f-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.322
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/plugins/age-gate/dist/age-gate.js?ver=3.3.1
185.77.97.170 29 kB URL cineycortosgay.com/wp-content/plugins/age-gate/dist/age-gate.js?ver=3.3.1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type ASCII text, with very long lines (65470)
Hash 4880f0e14890ae6f64bb6edf38c2c535
ec68963fe2b4be9eb66343667d13c770b8206947
4d1e8c11d95c29f0f6fed8d346c35bf330ae014ef9d4b762b8d47aa01f933f6d
GET /wp-content/plugins/age-gate/dist/age-gate.js?ver=3.3.1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: application/x-javascript
content-length: 28783
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:00 GMT
last-modified: Wed, 22 Nov 2023 20:42:51 GMT
etag: "13d46-655e67cb-f36c5fe0ac34f734;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 254fbeead802e13fa4c7da94bc67ec21-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.311
accept-ranges: bytes
X-Firefox-Spdy: h2
reedpraised.com/60/bc/60/60bc6078b60bf35d87ae4499d01b0217.js
192.243.59.12 16 kB URL reedpraised.com/60/bc/60/60bc6078b60bf35d87ae4499d01b0217.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (42832), with no line terminators
Hash 106ff9ed4181774622944c2ed2ef7b9c
5360c3b637bd763ce79eba88f0f8d8908a921b20
bf613ad06d21af40084a0d9b5d553ccd80b6912f9cde7c5ae4e3ea88111b77a7
GET /60/bc/60/60bc6078b60bf35d87ae4499d01b0217.js HTTP/1.1
Host: reedpraised.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91aadc33159c03f5158d8c80ecdcfa8c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 96036b51fd2052c74afbc097a3df63d4
6dd7e454748402f531f6fcb4c8cd7ca2f092369a
1ed849148b3f15b06a99682559fb80294b5e7351a23bc7d57c73d792e1f26080
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cineycortosgay.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fde9cddc-6277-4212-b4c9-9a03b6f99dfe:1:1; expires=Mon, 28 Nov 2033 17:11:01 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
reedpraised.com/a8b2120c44620f1b260e0a25335f795d/invoke.js
192.243.59.12 11 kB URL reedpraised.com/a8b2120c44620f1b260e0a25335f795d/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29622), with no line terminators
Hash 992f96ebbf5c0f6fc41be7cd69aa3058
818e3076ced5e3f303ee31f3eb10b884531ccd0b
bb055559fd1367b1618613c93f87402a8d9f610cd607a017e2e10eb092e1ab82
GET /a8b2120c44620f1b260e0a25335f795d/invoke.js HTTP/1.1
Host: reedpraised.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0808e7ba38fa439683fa9882537e5b08
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streamplaylogo.jpg
192.0.77.2 1.5 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streamplaylogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d493dff0866fb3512e9b043638aa0cd1
59f89780c67b0cef38784e2a3d7b1addde89bcad
cce87d412a9d0b817925a8236995513fd9a7978a0ecfa3562ca05e05ae12a21c
GET /cineycortosgay.com/wp-content/uploads/2021/04/streamplaylogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1514
last-modified: Sun, 26 Nov 2023 00:34:24 GMT
expires: Tue, 25 Nov 2025 12:34:24 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/streamplaylogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "90cb6e0b415ace00"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/bdlogo.jpg
192.0.77.2 1.6 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/bdlogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 80239225296b52d63d5f1c4503f434ac
033f50f43a26cd7e2a321205bc4d3669f836ed4c
aedce5abeaa880e2864b48bf49dced9e11cb873f3c47b11db33f49084c6d745f
GET /cineycortosgay.com/wp-content/uploads/2021/04/bdlogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1558
last-modified: Fri, 24 Nov 2023 10:33:03 GMT
expires: Sun, 23 Nov 2025 22:33:03 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/bdlogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "c9dc6db4c0d99c60"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streamlogo.jpg
192.0.77.2 1.4 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streamlogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b9331b4943b11a0a9c3e98eec69b389d
74c83c8b0daefaa94d490b670ae4b768a5bc35c6
92a3042c27d7230fde9ac87e2d04834c08e5fb6394179cc00c6838c795d2e164
GET /cineycortosgay.com/wp-content/uploads/2021/04/streamlogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1356
last-modified: Tue, 28 Nov 2023 07:16:39 GMT
expires: Thu, 27 Nov 2025 19:16:39 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/streamlogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "3baff9d6171c8778"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/uptoboxlogo.jpg
192.0.77.2 1.1 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/uptoboxlogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 120x25, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f390027efb589dbc535ab2785f04b1f2
149281ce6570ba8018c49737211260fc28cfd3b0
c6e564920ccaab4ca3280566b8663c50bb7403fe3d07edd8462c474d0e280cce
GET /cineycortosgay.com/wp-content/uploads/2021/04/uptoboxlogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1080
last-modified: Wed, 25 Oct 2023 17:06:08 GMT
expires: Sat, 25 Oct 2025 05:06:08 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/uptoboxlogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "9b20bbac260a905f"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/powvideologo.jpg
192.0.77.2 1.8 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/powvideologo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash eeff578a6cc7484d4fb58fbe9a3328c1
a7d15ecf161f6d8ac1c9e2ee51691663c069d424
6a6eb9a2fcc1811eb82e360ac4b1d0141461201af6f7555b75169737d21aa299
GET /cineycortosgay.com/wp-content/uploads/2021/04/powvideologo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1780
last-modified: Sun, 05 Nov 2023 02:28:01 GMT
expires: Tue, 04 Nov 2025 14:28:01 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/powvideologo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "2b0414aeb33abd0b"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/openloadlogo.jpg
192.0.77.2 1.5 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/openloadlogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2cd56b6dd1b83e1c881e5c89e691422d
8febddd1dd6f54473cbff10cd13e9fc74c994a82
daacd82c949b78ef60e808872c4b346a9fbe500f22749e574d085c6f59291355
GET /cineycortosgay.com/wp-content/uploads/2021/04/openloadlogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1462
last-modified: Fri, 01 Dec 2023 14:07:42 GMT
expires: Mon, 01 Dec 2025 02:07:42 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/openloadlogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "be26d4e4f7b2dcde"
vary: Accept
x-nc: EXPIRED arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/userscloud_logo.jpg
192.0.77.2 1.1 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/userscloud_logo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 120x25, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 21740bc7975c4aa973c5c8220b748156
59a5156dfee251ff4cea2836c3565b8d4e8820dc
beda304c01890330e0308f0bf988b43f983b2ec5181c61c6097be57f10227fb9
GET /cineycortosgay.com/wp-content/uploads/2021/04/userscloud_logo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1064
last-modified: Wed, 25 Oct 2023 03:55:23 GMT
expires: Fri, 24 Oct 2025 15:55:23 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/userscloud_logo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "50bb175453c15acb"
vary: Accept
x-nc: MISS arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/logouplonee.jpg
192.0.77.2 1.3 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/logouplonee.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 25552b3a8f60cee15285dbbac42d3fa0
6c5b4e7d7cfac6822d2ad3f1559fbab75dbcd87e
40b3a2701228b0c6c96a5a5b4545f153d379a8c7b6528b662889d0508b451a6b
GET /cineycortosgay.com/wp-content/uploads/2021/04/logouplonee.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1342
last-modified: Sun, 26 Nov 2023 10:15:13 GMT
expires: Tue, 25 Nov 2025 22:15:13 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/logouplonee.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "608ad25ce3f14a65"
vary: Accept
x-nc: HIT arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streaminlogo.jpg
192.0.77.2 1.4 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/streaminlogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d7a0fcef7820d6c74dfff0e07b44e54b
f8692bf04c4aef7db140ff0659418cfaf6bf7a3a
2b984c4ffa9130f5b4d2f3f764cfad0704a174a7319ede010ba679f365eed177
GET /cineycortosgay.com/wp-content/uploads/2021/04/streaminlogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1408
last-modified: Wed, 29 Nov 2023 20:57:21 GMT
expires: Sat, 29 Nov 2025 08:57:21 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/streaminlogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "67703ed281c9c175"
vary: Accept
x-nc: MISS arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/teelogo.jpg
192.0.77.2 1.4 kB URL i0.wp.com/cineycortosgay.com/wp-content/uploads/2021/04/teelogo.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7921bc39f55648148bc09a18abef96ec
8c9c9e8b4ea125c0c2cd04002ecd0a719a76ee64
3987e1b1bef05bc7c985b9f83ba49827514c67bde6041504306819395d195e8f
GET /cineycortosgay.com/wp-content/uploads/2021/04/teelogo.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: image/webp
content-length: 1444
last-modified: Fri, 01 Dec 2023 14:07:41 GMT
expires: Mon, 01 Dec 2025 02:07:41 GMT
cache-control: public, max-age=63115200
link: <http://cineycortosgay.com/wp-content/uploads/2021/04/teelogo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "563fe37a1275ff5d"
vary: Accept
x-nc: EXPIRED arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/fonts/OpenSans-Regular-webfont.woff
185.77.97.170 14 kB URL cineycortosgay.com/wp-content/themes/tempera/fonts/OpenSans-Regular-webfont.woff
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type Web Open Font Format, TrueType, length 13988, version 1.0\012- data
Hash 5a232d0daaf2562bf4910c1f699eeaab
a07f3daa46691580836acb6ca6b38fcc89602856
3b4ae61d6e9fb6fa5d10b2390885f2e68f4443285d5b2e17c782393c6acf793f
GET /wp-content/themes/tempera/fonts/OpenSans-Regular-webfont.woff HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/font-woff
content-length: 13988
vary: Accept-Encoding
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "36a4-63ce0c47-56621b8424171edb;;;"
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 8c29f6e2ff6c33390c6a06929f111446-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.312
accept-ranges: bytes
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/fonts/elusive.woff
185.77.97.170 15 kB URL cineycortosgay.com/wp-content/themes/tempera/fonts/elusive.woff
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type Web Open Font Format, TrueType, length 14740, version 1.0\012- data
Hash 4af5bc564780a95541ce26e843d9860a
01801dd84676bd6a2d166108a3327a1d21ecced6
91138f3b30a796e5e5cd696f1271356a17e416782e22e05a3c31577e624d1549
GET /wp-content/themes/tempera/fonts/elusive.woff HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/font-woff
content-length: 14740
vary: Accept-Encoding
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "3994-63ce0c47-592a54c24c88d571;;;"
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 7fc325d8875344884de567754a759bb5-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.312
accept-ranges: bytes
X-Firefox-Spdy: h2
reedpraised.com/158d1541be56a5bd6ea0655e353c10bc/invoke.js
192.243.59.12 11 kB URL reedpraised.com/158d1541be56a5bd6ea0655e353c10bc/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29610), with no line terminators
Hash a255803fd1cad0dbef2fe8a734e0332c
e3c0ada768eb00b9c474a9240a108e3411f90399
26f4225636bdcccb5c496b1ace63140417120c2385203ff144d53ed18302dcfd
GET /158d1541be56a5bd6ea0655e353c10bc/invoke.js HTTP/1.1
Host: reedpraised.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48b673550233fe2b4afb701953743216
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
player.vimple.ru/iframe/1789459e962b41558f09701451d63d4b
81.19.70.4 162 B URL player.vimple.ru/iframe/1789459e962b41558f09701451d63d4b
IP 81.19.70.4:0
ASN #24638 Rambler Internet Holding LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /iframe/1789459e962b41558f09701451d63d4b HTTP/1.1
Host: player.vimple.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: text/html
content-length: 162
location: https://b2b.rambler.ru/videoplatform/
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/fonts/BebasNeue-webfont.woff
185.77.97.170 20 kB URL cineycortosgay.com/wp-content/themes/tempera/fonts/BebasNeue-webfont.woff
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type Web Open Font Format, TrueType, length 20524, version 1.0\012- data
Hash 84e52c3385b8d1ba4f42a3aabde218df
bcc143dc194c35446341d9284bc0e2cab8dbceab
12e0ced69aedc50e7238ce2a7ae5cb2bf0574c5a93f603a6647a7d48077670de
GET /wp-content/themes/tempera/fonts/BebasNeue-webfont.woff HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/wp-content/themes/tempera/fonts/fontfaces.css?ver=1.8.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/font-woff
content-length: 20524
vary: Accept-Encoding
last-modified: Mon, 23 Jan 2023 04:25:43 GMT
etag: "502c-63ce0c47-d7c5dc4cfc9f8699;;;"
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: 0b390a5fd12b963737cf408e7a7cc833-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.320
accept-ranges: bytes
X-Firefox-Spdy: h2
reedpraised.com/eebfaf6afb8014911e62010723fd0a83/invoke.js
192.243.59.12 11 kB URL reedpraised.com/eebfaf6afb8014911e62010723fd0a83/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29610), with no line terminators
Hash ac5027f9dc4350d88d2f4ff53dc61e14
6576fc8cb60634fcc6e977800a023506c792fccf
f13951c750f2692e554ac62d0bbecb7013cadf1ed17d445bdd35c03954bab351
GET /eebfaf6afb8014911e62010723fd0a83/invoke.js HTTP/1.1
Host: reedpraised.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0f742801aa701abd362908ec8b5b97b0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ok.ru/res/js/lib/require-2.1.11_9483d567.js
5.61.23.11 5.8 kB URL ok.ru/res/js/lib/require-2.1.11_9483d567.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (16739)
Hash a3b7b498db7bb3a7223ed7d511025184
2c7a1293ea511961443d5a45dc5932cfc2531501
9987c2582b2c41478c45c53d971bd797ac1a7f1e3c253aecc6f9f1975212ec90
GET /res/js/lib/require-2.1.11_9483d567.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript
content-length: 5786
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
ok.ru/res/js/classic_801c7059.js
5.61.23.11 12 kB URL ok.ru/res/js/classic_801c7059.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (43048)
Hash 5e144bfd8a7ee9647db47238a38a4c82
8e5bc4c12ddd01450f36937660b2ca0fba55ca4b
9b0f3bd097e68cbc152122d282c34a6942d4cd553e60070fea5dde01727200f3
GET /res/js/classic_801c7059.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript
content-length: 11986
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
hqq.tv/ad/top/popunder.js
190.115.19.71 21 B URL hqq.tv/ad/top/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with no line terminators
Hash 533a813ddb8f84d7e018bf8e6296c44d
8c95af23d5dc502f1bc3395a6d2e339e696c0d3e
a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f
GET /ad/top/popunder.js HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/javascript; charset=UTF-8
content-length: 21
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: "6141fdde-15"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
X-Firefox-Spdy: h2
st.mycdn.me/res/css/prod/videoembed/videoembed.9f06c2f1.css
217.20.155.82 3.2 kB URL st.mycdn.me/res/css/prod/videoembed/videoembed.9f06c2f1.css
IP 217.20.155.82:0
File type ASCII text, with very long lines (15831), with no line terminators
Hash 9f06c2f19e517b712b7dba8f051e480e
3e6a269e1faea4fb1ce80218a4c4d6a906022f06
6a6b080c0346d82cb2547b91a0b465cb7adae9c66258ab00d2bb30f7f128f8f9
GET /res/css/prod/videoembed/videoembed.9f06c2f1.css HTTP/1.1
Host: st.mycdn.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: text/css; charset=utf-8
content-length: 3193
last-modified: Wed, 29 Nov 2023 15:03:14 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
reedpraised.com/b4032932e88d0e7355e4b8768e649e7f/invoke.js
192.243.59.12 11 kB URL reedpraised.com/b4032932e88d0e7355e4b8768e649e7f/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash 4b2697286850c06a1fd6427a54ca4ab8
cc6b57fcef7d07ea68ab54476def6c8a1021f4d5
3f2be501ce92b18706503235b36322eb586c62752e89d0bacb67f9f796f67ad6
GET /b4032932e88d0e7355e4b8768e649e7f/invoke.js HTTP/1.1
Host: reedpraised.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b3b5278cbd30fd59b0ce9d2af75ef037
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
valleymuchunnecessary.com/watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
173.233.137.44 0 B URL valleymuchunnecessary.com/watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1 HTTP/1.1
Host: valleymuchunnecessary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Location: https://valleymuchunnecessary.com/watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=7d1504e1d67ec68656da186984d6cd98c69a18697a0c704634a7a6dd83e82ec4655c7e99c66e87597bb483226bda224c6b93de3d258f73b2a108e5fef0b5660d06a0ce8a602442be37a564d57762e46f53c66b554faa54680e62eae641aaa06b&pst=1701450722&rmtc=t
Set-Cookie: u_pl=16088274; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[...].3VJS_UAZL87XKcDdLKzxSjA1zcwC6B835-i3Z83JCd4; expires=Fri, 01 Dec 2023 17:12:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e7c3a146103b4c9a9018ba645dbada5
Strict-Transport-Security: max-age=0; includeSubdomains
commentsmodule.com/js/js.load.1.js?5301807861134805
172.67.198.57 0 B URL commentsmodule.com/js/js.load.1.js?5301807861134805
IP 172.67.198.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/js.load.1.js?5301807861134805 HTTP/1.1
Host: commentsmodule.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hqq.tv/
Origin: https://hqq.tv
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
cf-cache-status: HIT
age: 732120
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uc46zSxuO4lQNoSot%2FJXqOw5PQ0xgql%2BQbzj49AsX5Bn716kFh4%2BXLcDQZtD2wClm%2BAKanbPWvmzmauR3iQe9veYtY20IAWDowrC71C1F1ibstrwhG14%2B8Uc46GuJo33SO7XjAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 82ecf27158741bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tonicneighbouring.com/watch.803025258919.js?key=158d1541be56a5bd6ea0655e353c10bc&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
192.243.59.13 0 B URL tonicneighbouring.com/watch.803025258919.js?key=158d1541be56a5bd6ea0655e353c10bc&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.803025258919.js?key=158d1541be56a5bd6ea0655e353c10bc&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1 HTTP/1.1
Host: tonicneighbouring.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Location: https://tonicneighbouring.com/watch.803025258919.js?key=158d1541be56a5bd6ea0655e353c10bc&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=627f3969f7db700b22097c204fb280640419da67de17d2b81f401bd2b681052399623b0fd3a8b8d6825f87d646a531b065e2655ce772e644c2f15b146b83e6f5fe904b408ea312a287c0047778a891173d7127c94c22b75e3867d6e4c82937&pst=1701450722&rmtc=t
Set-Cookie: u_pl=15813725; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.cyjhnDe8EK3e09wradWi-Pe50R9jexv-JI6TtzxQPjM; expires=Fri, 01 Dec 2023 17:12:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54245d2d982afb58d9b9923a4a3c93d0
Strict-Transport-Security: max-age=0; includeSubdomains
st.mycdn.me/res/i/video/stub/na_74.png
217.20.155.82 17 kB URL st.mycdn.me/res/i/video/stub/na_74.png
IP 217.20.155.82:0
File type PNG image data, 74 x 74, 8-bit/color RGBA, non-interlaced\012- data
Hash e6eace150a3180b01fd0e1362fc91729
e139eab878f802a3c107c8d78e48ac6b866d4abc
d3e9f9b35b9dda7b4043b49b6ede0326536681dd301cd6ab9629b050b9aa9a6d
GET /res/i/video/stub/na_74.png HTTP/1.1
Host: st.mycdn.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://st.mycdn.me/res/css/prod/videoembed/videoembed.9f06c2f1.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: image/png
content-length: 17052
last-modified: Wed, 23 Mar 2022 12:15:51 GMT
vary: Accept-Encoding
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
pixel.wp.com/g.gif?v=ext&blog=187110677&post=6830&tz=0&srv=cineycortosgay.com&j=1%3A12.8.1&host=cineycortosgay.com&ref=&fcp=2175&rand=0.017855172378591133
192.0.76.3 50 B URL pixel.wp.com/g.gif?v=ext&blog=187110677&post=6830&tz=0&srv=cineycortosgay.com&j=1%3A12.8.1&host=cineycortosgay.com&ref=&fcp=2175&rand=0.017855172378591133
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=187110677&post=6830&tz=0&srv=cineycortosgay.com&j=1%3A12.8.1&host=cineycortosgay.com&ref=&fcp=2175&rand=0.017855172378591133 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
ok.ru/res/js/app/capture_5f689327.js
5.61.23.11 675 B URL ok.ru/res/js/app/capture_5f689327.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (1522)
Hash aaed395496fb7a8393688d1d21f9be54
56f451376f8a6bab2f37dc1329897beb66852a52
20e6474fa7c9f1e7f0d2caec481216ed7713c459730db9a441e5fc9a7e965ed3
GET /res/js/app/capture_5f689327.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript
content-length: 675
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
cineycortosgay.com/wp-content/themes/tempera/images/dashed-border.png
185.77.97.170 288 B URL cineycortosgay.com/wp-content/themes/tempera/images/dashed-border.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8427a0fe7f08e082ef6425cf9d639b88
d56c0abf96df4a2550e2de1475e59d6e4fcbb48b
d910b3c50b35871a134ff92c1c41d19948b030d839583d5d6d400763e7c56438
GET /wp-content/themes/tempera/images/dashed-border.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/wp-content/themes/tempera/style.css?ver=1.8.1
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1; sb_main_60bc6078b60bf35d87ae4499d01b0217=1; sb_count_60bc6078b60bf35d87ae4499d01b0217=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: image/webp
content-length: 288
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:02 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: 2a477aeca1a19e604b31d3e846bbf5ab-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.316
accept-ranges: bytes
X-Firefox-Spdy: h2
ok.ru/res/js/app/VideoEmbed_bc0da08a.js
5.61.23.11 360 B URL ok.ru/res/js/app/VideoEmbed_bc0da08a.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (825)
Hash 956818422a5b489c9dc53b4b8a70d40a
78d2d53d011d23c8c96474f5905bf23b7813a4aa
7bd98f7a6f655b3ed24d60c603470bcdd167df6f54057099a0cdd70f4b079084
GET /res/js/app/VideoEmbed_bc0da08a.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript
content-length: 360
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
accordancespotted.com/sbar.json?key=60bc6078b60bf35d87ae4499d01b0217&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
192.243.59.13 4.3 kB URL accordancespotted.com/sbar.json?key=60bc6078b60bf35d87ae4499d01b0217&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5992), with no line terminators
Hash c0dfcc8e347ae660db0bb5757e46b4e2
e4e8e49ffeccdc7e273b72799dd3199afcf32e98
34989a179e51db120fb773fa78844a4f69dfc09642bb631e42c540785fd957fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=60bc6078b60bf35d87ae4499d01b0217&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1 HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16036701; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
uid_id2=fde9cddc-6277-4212-b4c9-9a03b6f99dfe:1:1; expires=Fri, 08 Dec 2023 17:11:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
slec60bc6078b60bf35d87ae4499d01b0217=[4766299]; expires=Fri, 01 Dec 2023 17:11:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a094861e78bbb640988dacc74b2b4bec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ok.ru/res/js/app/OKVideo_de31ee45.js
5.61.23.11 5.3 kB URL ok.ru/res/js/app/OKVideo_de31ee45.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (16084)
Hash 67b0e39859af2910f56d7ebf1f770c12
6ee224018d9146fc46201310bae31e50b7c22e2e
c903bbb446395bd69fb0038cbd722e189e49c51228a0074092cc37c5c1e6d5c5
GET /res/js/app/OKVideo_de31ee45.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript
content-length: 5334
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:02 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
valleymuchunnecessary.com/watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=7d1504e1d67ec68656da186984d6cd98c69a18697a0c704634a7a6dd83e82ec4655c7e99c66e87597bb483226bda224c6b93de3d258f73b2a108e5fef0b5660d06a0ce8a602442be37a564d57762e46f53c66b554faa54680e62eae641aaa06b&pst=1701450722&rmtc=t
173.233.137.44 2.1 kB URL valleymuchunnecessary.com/watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=7d1504e1d67ec68656da186984d6cd98c69a18697a0c704634a7a6dd83e82ec4655c7e99c66e87597bb483226bda224c6b93de3d258f73b2a108e5fef0b5660d06a0ce8a602442be37a564d57762e46f53c66b554faa54680e62eae641aaa06b&pst=1701450722&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2657)
Hash bf7217440e3808acf88354ca741225a1
8a843fb2b2c055c596f04b0a1c670864921335fd
79d30390cf12208de88e5c12ef96fab628d87dfbf5598ca12a208bceda498d4e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1560802114958.js?key=a8b2120c44620f1b260e0a25335f795d&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=7d1504e1d67ec68656da186984d6cd98c69a18697a0c704634a7a6dd83e82ec4655c7e99c66e87597bb483226bda224c6b93de3d258f73b2a108e5fef0b5660d06a0ce8a602442be37a564d57762e46f53c66b554faa54680e62eae641aaa06b&pst=1701450722&rmtc=t HTTP/1.1
Host: valleymuchunnecessary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
Referer: https://cineycortosgay.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16088274; ain=eyJhbGciOiJIUzI1NiJ9.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.3VJS_UAZL87XKcDdLKzxSjA1zcwC6B835-i3Z83JCd4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fde9cddc-6277-4212-b4c9-9a03b6f99dfe:1:1; expires=Fri, 08 Dec 2023 17:11:02 GMT; secure; SameSite=None
iprccb52d23ad954b8b3be15983b9987e196=3569807; expires=Fri, 01 Dec 2023 21:11:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
pdhtkv27=true; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
uncs27=1; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9bc9cfd74793bc22809f60d58573c4f2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cineycortosgay.com/wp-includes/images/rss.png
185.77.97.170 532 B URL cineycortosgay.com/wp-includes/images/rss.png
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9f39abc2f77e9740f59b9d87630baf33
ce6f21054f1ce1fa6c5eba26f7f47d24024117dc
9abc1aa97d8963626de7eb0e855f8d23c83f54c128ac6ea7f17fe892c3994a41
GET /wp-includes/images/rss.png HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1; sb_main_60bc6078b60bf35d87ae4499d01b0217=1; sb_count_60bc6078b60bf35d87ae4499d01b0217=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: image/webp
content-length: 532
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 17:11:02 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-request-id: d4b3748ddb0614333e4d5760891fa460-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.314
accept-ranges: bytes
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/12.8.1/css/jetpack.css
192.0.77.37 20 kB URL c0.wp.com/p/jetpack/12.8.1/css/jetpack.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 91664c6f5f621e9deeec61279b8ef3dc
f707f89e7a27114fbdf40a2bbbf670d5bae5a1b2
277fb30e91af19162de1bd98e6364ee78f0677257c118fd46d0255b83eeadd55
GET /p/jetpack/12.8.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 13 Nov 2023 18:14:20 GMT
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:00 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
sensualtestresume.com/watch.1046951668362.js?key=eebfaf6afb8014911e62010723fd0a83&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
173.233.137.52 0 B URL sensualtestresume.com/watch.1046951668362.js?key=eebfaf6afb8014911e62010723fd0a83&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1046951668362.js?key=eebfaf6afb8014911e62010723fd0a83&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1 HTTP/1.1
Host: sensualtestresume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Location: https://sensualtestresume.com/watch.1046951668362.js?key=eebfaf6afb8014911e62010723fd0a83&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=96c6bbca3b6a3f6a7f1b532e848789221bc3c6c332689b4e9a210944081771e2cc37765eded09a547cf7e9d02d57b0405e5f1287654dadd1fc747d58bf7f22dc39e835329bdc3b6ddb1dab2b82cf441008088787f040732ed03fe9704fa53690&pst=1701450722&rmtc=t
Set-Cookie: u_pl=15813705; expires=Sat, 02 Dec 2023 17:11:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.oJkZ6UztqkQ3-sVkCCzsnQpuYzTlRgRYnx_gtmk0_IU; expires=Fri, 01 Dec 2023 17:12:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7da8c055915a6a4126fb85234abac4db
Strict-Transport-Security: max-age=0; includeSubdomains
hqq.tv/cdn-cgi/trace
190.115.19.71 146 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Cookie: uid=U*Va1UWj*gJJ7ZpZmxoyI0nSNfnojuRD
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: text/html; charset=UTF-8
content-length: 146
x-origin-location: /
server: Google Frontend
x-cache-status-inferno: MISS
x-inferno-location: /
X-Firefox-Spdy: h2
cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html?relatedposts=1
185.77.97.170 1.1 kB URL cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html?relatedposts=1
IP 185.77.97.170:0
ASN #57844 SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
File type JSON data\012- , ASCII text, with very long lines (2758), with no line terminators
Hash 76a67f67f881bf79fbf17d6a40cb3956
8359a56e10c5f2a12355c7ccfc9b203332c74b6a
f0fc6e748345a618f00350714897a8d28e94a01cede4a2d636460348929208f7
GET /ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html?relatedposts=1 HTTP/1.1
Host: cineycortosgay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1; sb_main_60bc6078b60bf35d87ae4499d01b0217=1; sb_count_60bc6078b60bf35d87ae4499d01b0217=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: hcdn
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/json; charset=utf-8
content-length: 1144
x-powered-by: PHP/7.4.33
x-content-type-options: nosniff
etag: "73626-1701291444;br"
x-litespeed-cache: hit
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
x-hcdn-request-id: dfda8f40bf4db6eca88eeed69d3f65f3-fast-edge3
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.310
accept-ranges: bytes
X-Firefox-Spdy: h2
ok.ru/res/js/lib/jquery-1.8.3_9a61997f.js
5.61.23.11 30 kB URL ok.ru/res/js/lib/jquery-1.8.3_9a61997f.js
IP 5.61.23.11:0
File type Unicode text, UTF-8 text, with very long lines (36291)
Hash 6f84f817d2171348bad6f698e665727d
308c4b78ce059e113743244e24ddb9b320293e2e
9c6f796a442a19a17e46356c731d5883a8f2f5c2c45010e6d0694a3cad738134
GET /res/js/lib/jquery-1.8.3_9a61997f.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
content-length: 29956
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:03 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
192.0.77.37 5.4 kB URL c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
GET /c/6.4.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:00 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ok.ru/res/js/b/primary_ff6a4e9.js
5.61.23.11 28 kB URL ok.ru/res/js/b/primary_ff6a4e9.js
IP 5.61.23.11:0
File type Unicode text, UTF-8 text, with very long lines (54831)
Hash 88f7c3f0ee1094d01f385f1564aa7e26
c2970012c12e6617dc0cba590206a9e58ac3df4a
24691f814e9e1f3a9ddf88e1d9dba41379b9f5cfdc58f7329478854064aa3c85
GET /res/js/b/primary_ff6a4e9.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
content-length: 27928
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:03 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
ok.ru/res/js/b/music2_f49e9523.js
5.61.23.11 5.8 kB URL ok.ru/res/js/b/music2_f49e9523.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (19439)
Hash 543e9ad14f0245ea12083e476b8e0653
0dc3c70c3f59da19dfbf75e8554b52fc82641454
66e2d48bf20eaeb4aa1859334ef33885bc9b3b899ca5299c7c7be9221c422878
GET /res/js/b/music2_f49e9523.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
content-length: 5786
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:03 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
accordancespotted.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTuJJPKi5eBDm4CGCO1s9%2F20OwRgTgzEJ%2BSEH8VB%2FPVvZ6q6mqnt6drwEA5LjCB489n6zyaKGYKInQZBZL7IgOB5kDy6IeM1FyVlmdmD0QdV73%2Fvq8L7v1SfbxSEJUbCDq%2B%2FbkTaGrbfrtHbqlk6lLX3t8o1aSOv0dO2WTjut07Xh%2FHKDN0PartPXaxeU2LTrDRpSGtKwdl47Fdvh%2BoKFzh5GYT2i9VajHrZbGLr%2FY18E8CyAHBySl6Dl7LmNnx5DiynS5Otzym%2FmNnvjnaQwLLcOA7l7M91MbZkiWZWxCxCnu8vXsH5GyOfHYNPdpQLYwc5cAbiekeC3EDzdXY4JPrh%2FNCk3UCm4fB7lYAplptBsCmHvQstfCCAkLl9Bmjy4bF3Jto5YNmdn5MSzv6HLGTnx%2B0mkyaOzRg9r160pcm1Tj2FcQQ%2Bn0P0psmIP%2BSiALvcg8o%2Bh5c9k%2FdklpMnOFW8stDx4LZYqElKKtU6j211rNcLGGm%2BJaC1itMk7cRTJWC0s0noKHU9h1BjMByjmRwco4gBFFiCRBzXWjmJKuzGPm81eSwjRbArR7nVkWzZbvZiiEHMNY%2BTZGMKMIdwdZO4ONvUYrvgBfqOClwF8TjCQFUpFUHqCkhGUmqDMCcpBdV8a3%2FDVA2l8wcNlbixzs5rYvL%2FN7tu8r1IC5sbb2SF5cWHeP998iE11UOtQLjq02%2BMdyuNmW%2Fa6TLVaUSRpyGkj7MLrCtofW0gd6Rk5%2BZdDNt%2FotzfA2R682YPQAVjxKlg56TYo2Mak1aMYpU%2BETtWWsC63vs%2B26sImkLZClp9AvhVsm0PyymKad7%2F7AErsn%2Fls9MeFRyc%2FgnAVMlfhtv6RoG%2FuTa7Zkuxcs6Unj69kuU70iM3XfD1nuTr%2B5Xtqq7ROXjznx1%2B8JebEvHx4Q%2Fn8EkulTvuefHVWS6nceeuEIt9f9LcUv1r4jbOFS4vs0tW3z19MMqe81zadgukZIU%2BfQOgZeeGpX3zhUzf%2FhHZTuKJCUuyTZUDbPYjsDny26nlL4MwK8yxAWVQT1%2BCrptEERq0w4xX8fzBf1dv%2BHvouAMvvIk0qDFyFganAzBi%2BOD7JM7d%2F5tfmIsBNMOHGBTvcOPPpkbleH9RUO6axog3F44jHXUZlFLcizqJQdXmbhcj9TN1%2B%2BcG%2FAAAA%2F%2F8BAAD%2F%2Fy8DgKGaBAAA
192.243.59.13 7 B URL accordancespotted.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTuJJPKi5eBDm4CGCO1s9%2F20OwRgTgzEJ%2BSEH8VB%2FPVvZ6q6mqnt6drwEA5LjCB489n6zyaKGYKInQZBZL7IgOB5kDy6IeM1FyVlmdmD0QdV73%2Fvq8L7v1SfbxSEJUbCDq%2B%2FbkTaGrbfrtHbqlk6lLX3t8o1aSOv0dO2WTjut07Xh%2FHKDN0PartPXaxeU2LTrDRpSGtKwdl47Fdvh%2BoKFzh5GYT2i9VajHrZbGLr%2FY18E8CyAHBySl6Dl7LmNnx5DiynS5Otzym%2FmNnvjnaQwLLcOA7l7M91MbZkiWZWxCxCnu8vXsH5GyOfHYNPdpQLYwc5cAbiekeC3EDzdXY4JPrh%2FNCk3UCm4fB7lYAplptBsCmHvQstfCCAkLl9Bmjy4bF3Jto5YNmdn5MSzv6HLGTnx%2B0mkyaOzRg9r160pcm1Tj2FcQQ%2Bn0P0psmIP%2BSiALvcg8o%2Bh5c9k%2FdklpMnOFW8stDx4LZYqElKKtU6j211rNcLGGm%2BJaC1itMk7cRTJWC0s0noKHU9h1BjMByjmRwco4gBFFiCRBzXWjmJKuzGPm81eSwjRbArR7nVkWzZbvZiiEHMNY%2BTZGMKMIdwdZO4ONvUYrvgBfqOClwF8TjCQFUpFUHqCkhGUmqDMCcpBdV8a3%2FDVA2l8wcNlbixzs5rYvL%2FN7tu8r1IC5sbb2SF5cWHeP998iE11UOtQLjq02%2BMdyuNmW%2Fa6TLVaUSRpyGkj7MLrCtofW0gd6Rk5%2BZdDNt%2FotzfA2R682YPQAVjxKlg56TYo2Mak1aMYpU%2BETtWWsC63vs%2B26sImkLZClp9AvhVsm0PyymKad7%2F7AErsn%2Fls9MeFRyc%2FgnAVMlfhtv6RoG%2FuTa7Zkuxcs6Unj69kuU70iM3XfD1nuTr%2B5Xtqq7ROXjznx1%2B8JebEvHx4Q%2Fn8EkulTvuefHVWS6nceeuEIt9f9LcUv1r4jbOFS4vs0tW3z19MMqe81zadgukZIU%2BfQOgZeeGpX3zhUzf%2FhHZTuKJCUuyTZUDbPYjsDny26nlL4MwK8yxAWVQT1%2BCrptEERq0w4xX8fzBf1dv%2BHvouAMvvIk0qDFyFganAzBi%2BOD7JM7d%2F5tfmIsBNMOHGBTvcOPPpkbleH9RUO6axog3F44jHXUZlFLcizqJQdXmbhcj9TN1%2B%2BcG%2FAAAA%2F%2F8BAAD%2F%2Fy8DgKGaBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTuJJPKi5eBDm4CGCO1s9%2F20OwRgTgzEJ%2BSEH8VB%2FPVvZ6q6mqnt6drwEA5LjCB489n6zyaKGYKInQZBZL7IgOB5kDy6IeM1FyVlmdmD0QdV73%2Fvq8L7v1SfbxSEJUbCDq%2B%2FbkTaGrbfrtHbqlk6lLX3t8o1aSOv0dO2WTjut07Xh%2FHKDN0PartPXaxeU2LTrDRpSGtKwdl47Fdvh%2BoKFzh5GYT2i9VajHrZbGLr%2FY18E8CyAHBySl6Dl7LmNnx5DiynS5Otzym%2FmNnvjnaQwLLcOA7l7M91MbZkiWZWxCxCnu8vXsH5GyOfHYNPdpQLYwc5cAbiekeC3EDzdXY4JPrh%2FNCk3UCm4fB7lYAplptBsCmHvQstfCCAkLl9Bmjy4bF3Jto5YNmdn5MSzv6HLGTnx%2B0mkyaOzRg9r160pcm1Tj2FcQQ%2Bn0P0psmIP%2BSiALvcg8o%2Bh5c9k%2FdklpMnOFW8stDx4LZYqElKKtU6j211rNcLGGm%2BJaC1itMk7cRTJWC0s0noKHU9h1BjMByjmRwco4gBFFiCRBzXWjmJKuzGPm81eSwjRbArR7nVkWzZbvZiiEHMNY%2BTZGMKMIdwdZO4ONvUYrvgBfqOClwF8TjCQFUpFUHqCkhGUmqDMCcpBdV8a3%2FDVA2l8wcNlbixzs5rYvL%2FN7tu8r1IC5sbb2SF5cWHeP998iE11UOtQLjq02%2BMdyuNmW%2Fa6TLVaUSRpyGkj7MLrCtofW0gd6Rk5%2BZdDNt%2FotzfA2R682YPQAVjxKlg56TYo2Mak1aMYpU%2BETtWWsC63vs%2B26sImkLZClp9AvhVsm0PyymKad7%2F7AErsn%2Fls9MeFRyc%2FgnAVMlfhtv6RoG%2FuTa7Zkuxcs6Unj69kuU70iM3XfD1nuTr%2B5Xtqq7ROXjznx1%2B8JebEvHx4Q%2Fn8EkulTvuefHVWS6nceeuEIt9f9LcUv1r4jbOFS4vs0tW3z19MMqe81zadgukZIU%2BfQOgZeeGpX3zhUzf%2FhHZTuKJCUuyTZUDbPYjsDny26nlL4MwK8yxAWVQT1%2BCrptEERq0w4xX8fzBf1dv%2BHvouAMvvIk0qDFyFganAzBi%2BOD7JM7d%2F5tfmIsBNMOHGBTvcOPPpkbleH9RUO6axog3F44jHXUZlFLcizqJQdXmbhcj9TN1%2B%2BcG%2FAAAA%2F%2F8BAAD%2F%2Fy8DgKGaBAAA HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Cookie: u_pl=16036701; uid_id2=fde9cddc-6277-4212-b4c9-9a03b6f99dfe:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:03 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: adc6b23d602a758c9780c05c922aa7e5
Strict-Transport-Security: max-age=0; includeSubdomains
impolitefreakish.com/watch.1687213928475.js?key=b4032932e88d0e7355e4b8768e649e7f&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
173.233.137.52 0 B URL impolitefreakish.com/watch.1687213928475.js?key=b4032932e88d0e7355e4b8768e649e7f&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1687213928475.js?key=b4032932e88d0e7355e4b8768e649e7f&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1 HTTP/1.1
Host: impolitefreakish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cineycortosgay.com
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cineycortosgay.com
Access-Control-Allow-Origin: https://cineycortosgay.com
Access-Control-Allow-Credentials: true
Location: https://impolitefreakish.com/watch.1687213928475.js?key=b4032932e88d0e7355e4b8768e649e7f&kw=%5B%22ver%22%2C%22freier%22%2C%22fall%22%2C%22ca%C3%ADda%22%2C%22libre%22%2C%222013%22%2C%22online%22%2C%22subtitulos%22%2C%22espa%C3%B1ol%22%2C%22%C2%BB%22%2C%22cineycortosgay%22%2C%22com%22%5D&refer=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&tz=0&dev=e&res=14.3095&uuid=fde9cddc-6277-4212-b4c9-9a03b6f99dfe%3A1%3A1&shu=78ff24ee41045048057b9f647ca10dcbe1ca7f46c93043fe0ee94927006a6abceb1a87fc4f8048054f926b1eb53d2004a16ac57b9c5508a1b91c581858fb744fe5d545b9fdb91cac581b1dbc57781263ba4e879de4719bc8144ae9926fcbc234fe7f1a&pst=1701450723&rmtc=t
Set-Cookie: u_pl=16088341; expires=Sat, 02 Dec 2023 17:11:03 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.AKPkeC1O50bj50UGNSEhBMW-yCIF_TEoklh-aOVt4Js; expires=Fri, 01 Dec 2023 17:12:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7fac8e195a1df3439acea1177a4ddf67
Strict-Transport-Security: max-age=0; includeSubdomains
hqq.tv/js/adv/fuckadblock.js?2
190.115.19.71 4.0 kB URL hqq.tv/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type gzip compressed data, from Unix\012- data
Hash 05c66c8883a6de5cc2e1b5293fa4c624
03bdd4dbefa9991518744ec37c44af9602296d28
642b05886b7004ca5186c06b4e5a1aeb0c648a31466a316d821cffa52750c557
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
45.133.44.10 67 kB URL cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash a98b4585db1c6db06d6857c73bb75fcb
02a896b08a79e873b2dd26200ee1f0665dc1c80a
fc08e863ffafe25aa63fe8b60c2d5135fc5f52caf0abae4da3f1a90e0f8ed96c
GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/png
content-length: 67174
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Sun, 03 Dec 2023 17:11:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hqq.tv/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=23134886
190.115.19.71 2 B URL hqq.tv/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=23134886
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=23134886 HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Cookie: uid=U*Va1UWj*gJJ7ZpZmxoyI0nSNfnojuRD
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/json
content-length: 2
server: Google Frontend
access-control-allow-origin: *
x-inferno-location: banner
X-Firefox-Spdy: h2
hqq.tv/js/script_33.10.js?16
190.115.19.71 3.6 kB URL hqq.tv/js/script_33.10.js?16
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2010)
Hash 7541600dc779ccb4268d1f32c5dc111a
c15181c5620f819e5d19032f8cf3639b33527629
2004b7a397b8089bc41e445cc29c47c197af38ddb2016816ad345df28970ab43
GET /js/script_33.10.js?16 HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Cookie: uid=U*Va1UWj*gJJ7ZpZmxoyI0nSNfnojuRD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 07 Oct 2023 10:41:14 GMT
etag: W/"652135ca-1b3c"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
45.133.44.10 25 kB URL cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Hash d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sun, 03 Dec 2023 17:11:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ok.ru/res/js/app/CurrentUserCfg_a412e224.js
5.61.23.11 448 B URL ok.ru/res/js/app/CurrentUserCfg_a412e224.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (1040)
Hash db9ed780c05b981a9e3c7e72cd15aadd
ff09939d7fe2a55267987a0de51d9c81544942ea
011b7516858ffe5359b854ea3653600ed2dc3b172645cdb2f478230a760cc86f
GET /res/js/app/CurrentUserCfg_a412e224.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
content-length: 448
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:03 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/cdn-s1.cfglobalcdn.com/flv/api/files/thumbs/2017/05/01/14936551252rnm7-640x480-1.jpg
192.0.77.2 8.4 kB URL i0.wp.com/cdn-s1.cfglobalcdn.com/flv/api/files/thumbs/2017/05/01/14936551252rnm7-640x480-1.jpg
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 894x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7c1cdbf538a3ff09248d9be9ffe4462a
dc7a5eea6b5e7ade8183ea99553b67c8122e8b1e
17f360869c5a9396a40928b4856c151150b49070ce1224917dd3e24a51c8bd38
GET /cdn-s1.cfglobalcdn.com/flv/api/files/thumbs/2017/05/01/14936551252rnm7-640x480-1.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/webp
content-length: 8372
last-modified: Fri, 01 Dec 2023 17:11:03 GMT
expires: Mon, 01 Dec 2025 05:11:03 GMT
cache-control: public, max-age=63115200
link: <http://cdn-s1.cfglobalcdn.com/flv/api/files/thumbs/2017/05/01/14936551252rnm7-640x480-1.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b90fca8e3d98d07f"
vary: Accept
x-nc: MISS arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
pixel.wp.com/t.gif?blog=187110677&post=6830&blog_id=187110677&jetpack_version=12.8.1&_ui=58lsQ%2Bu5qBP9i2pDq%2FXGfkIm&_ut=anon&_en=jetpack_pageview_timing&_ts=1701450668466&_tz=0&_lg=en-US&_pf=Linux%20x86_64&_ht=1024&_wd=1280&_sx=0&_sy=0&_dl=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&_dr=&protocol=h2&dns_latency=1&conn_latency=113&resp_latency=442&resp_duration=19&dom_interact=3249&dom_load=3281&page_load=3946&files_origin=40&files_ext=20&files_ssl=58&files_http1=21&files_http2=39&files_js=19&files_css=10&files_img=22&files_font=3&files_other=6&duration_js=9728&duration_css=3593&duration_img=5622&duration_font=1181&duration_other=2556&first_cf_paint=2175&rand=0.927483489769684
192.0.76.3 43 B URL pixel.wp.com/t.gif?blog=187110677&post=6830&blog_id=187110677&jetpack_version=12.8.1&_ui=58lsQ%2Bu5qBP9i2pDq%2FXGfkIm&_ut=anon&_en=jetpack_pageview_timing&_ts=1701450668466&_tz=0&_lg=en-US&_pf=Linux%20x86_64&_ht=1024&_wd=1280&_sx=0&_sy=0&_dl=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&_dr=&protocol=h2&dns_latency=1&conn_latency=113&resp_latency=442&resp_duration=19&dom_interact=3249&dom_load=3281&page_load=3946&files_origin=40&files_ext=20&files_ssl=58&files_http1=21&files_http2=39&files_js=19&files_css=10&files_img=22&files_font=3&files_other=6&duration_js=9728&duration_css=3593&duration_img=5622&duration_font=1181&duration_other=2556&first_cf_paint=2175&rand=0.927483489769684
IP 192.0.76.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /t.gif?blog=187110677&post=6830&blog_id=187110677&jetpack_version=12.8.1&_ui=58lsQ%2Bu5qBP9i2pDq%2FXGfkIm&_ut=anon&_en=jetpack_pageview_timing&_ts=1701450668466&_tz=0&_lg=en-US&_pf=Linux%20x86_64&_ht=1024&_wd=1280&_sx=0&_sy=0&_dl=https%3A%2F%2Fcineycortosgay.com%2Fver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html&_dr=&protocol=h2&dns_latency=1&conn_latency=113&resp_latency=442&resp_duration=19&dom_interact=3249&dom_load=3281&page_load=3946&files_origin=40&files_ext=20&files_ssl=58&files_http1=21&files_http2=39&files_js=19&files_css=10&files_img=22&files_font=3&files_other=6&duration_js=9728&duration_css=3593&duration_img=5622&duration_font=1181&duration_other=2556&first_cf_paint=2175&rand=0.927483489769684 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.10 200 OK 9.0 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Sun, 03 Dec 2023 17:11:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ok.ru/res/js/app/GwtConfig_828bddda.js
5.61.23.11 335 B URL ok.ru/res/js/app/GwtConfig_828bddda.js
IP 5.61.23.11:0
File type ASCII text, with very long lines (564)
Hash 52abb011cb05ae817b45ccd2b0b19af5
618fbc86477af20933cc93bd0709ff40692377e6
11e74bb775c668e99f0f4236c28645a76a9d14f42a7f3f54ebe24ba7256b649b
GET /res/js/app/GwtConfig_828bddda.js HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok.ru/videoembed/277823228550
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
content-length: 335
last-modified: Wed, 29 Nov 2023 10:02:00 GMT
vary: Accept-Encoding
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:03 GMT
cache-control: max-age=31536000
timing-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
192.0.77.37 30 kB URL c0.wp.com/c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
GET /c/6.4.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 17:11:00 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sat, 30 Nov 2024 17:11:00 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
accordancespotted.com/pixel/sbe?t=3&error=timeout
192.243.59.13 0 B URL accordancespotted.com/pixel/sbe?t=3&error=timeout
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbe?t=3&error=timeout HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Cookie: u_pl=16036701; uid_id2=fde9cddc-6277-4212-b4c9-9a03b6f99dfe:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.109.10 200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.109.10:443
Requested by https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1689725
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQn583%2F8Cyn6%2FWJvhd6ugijNU3fBkBaS4XVoj26TVh28wO6pbG6OoD3cdVp45AipVYn0jaMZ8qwNZ29CsnQ4w6PRy87s%2FSaIHcCZYbRZr3VQkaaGRc5WEVZD6%2Fn1cbDy%2BwPMwMiMhGSE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2799c560666-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15813705
192.243.59.12 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15813705
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (452)
Hash 73a9226b4a55120d523c984ed1c4a68b
d6e644e11a3bf1e235e3d220f062aeb16d4c6950
20dd1d8e8402d2109ab9213ea60f8bd3f62260fb9ace2996f6b03ab965da72b8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=15813705 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cineycortosgay.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Sat, 02 Dec 2023 17:11:04 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.eROb619Py8R18iVlaxzpuA7YdiDf2ytb6ZoMKg3lqp0; expires=Fri, 01 Dec 2023 17:12:04 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef0cc0e4c4338b165c1819d09e1d334d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1ODEzNzA1JnBzdD0xNzAxNDUwNzI0JnJlZmVyPWh0dHBzJTNBJTJGJTJGY2luZXljb3J0b3NnYXkuY29tJTJGJnJtdGM9dCZzaHU9YWRhNzViYmIwYTlhZTlhNDI3NmZiYTAzOWI0M2IwYTJiNDA3NGE1MDliMzI1ZTNhMjU2NjBiOThiN2ZmNmNmZDUzZjc5NmY1YmQ2M2FkODcwMDBiMjkxOGVkMGVjMGI2YjRhZWU1MGVkMTA3NzgwM2M0ZjA4YjZiZGEzMDI4YTQxZTBhZDcxYjJhZThhMTNkN2MwOGQ0OGZlZTE1YzM0ZGJmOTBmYQ%3D%3D&uuid=&pii=&in=false
173.233.137.44 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1ODEzNzA1JnBzdD0xNzAxNDUwNzI0JnJlZmVyPWh0dHBzJTNBJTJGJTJGY2luZXljb3J0b3NnYXkuY29tJTJGJnJtdGM9dCZzaHU9YWRhNzViYmIwYTlhZTlhNDI3NmZiYTAzOWI0M2IwYTJiNDA3NGE1MDliMzI1ZTNhMjU2NjBiOThiN2ZmNmNmZDUzZjc5NmY1YmQ2M2FkODcwMDBiMjkxOGVkMGVjMGI2YjRhZWU1MGVkMTA3NzgwM2M0ZjA4YjZiZGEzMDI4YTQxZTBhZDcxYjJhZThhMTNkN2MwOGQ0OGZlZTE1YzM0ZGJmOTBmYQ%3D%3D&uuid=&pii=&in=false
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE1ODEzNzA1JnBzdD0xNzAxNDUwNzI0JnJlZmVyPWh0dHBzJTNBJTJGJTJGY2luZXljb3J0b3NnYXkuY29tJTJGJnJtdGM9dCZzaHU9YWRhNzViYmIwYTlhZTlhNDI3NmZiYTAzOWI0M2IwYTJiNDA3NGE1MDliMzI1ZTNhMjU2NjBiOThiN2ZmNmNmZDUzZjc5NmY1YmQ2M2FkODcwMDBiMjkxOGVkMGVjMGI2YjRhZWU1MGVkMTA3NzgwM2M0ZjA4YjZiZGEzMDI4YTQxZTBhZDcxYjJhZThhMTNkN2MwOGQ0OGZlZTE1YzM0ZGJmOTBmYQ%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.eROb619Py8R18iVlaxzpuA7YdiDf2ytb6ZoMKg3lqp0; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe3ae3754f2dc48a8bfdcf1373e61c3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprcd70923f2fdff0410cfd47c7faff1b006=4641329; expires=Sat, 02 Dec 2023 17:11:05 GMT
pdhtkv=true; expires=Sat, 02 Dec 2023 17:11:05 GMT
uncs=1; expires=Sat, 02 Dec 2023 17:11:05 GMT
pdhtkv28=true; expires=Sat, 02 Dec 2023 17:11:05 GMT
uncs28=1; expires=Sat, 02 Dec 2023 17:11:05 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b1b15eb9f63b1cad65a53bbd85b1d1e
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe3ae3754f2dc48a8bfdcf1373e61c3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe3ae3754f2dc48a8bfdcf1373e61c3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe3ae3754f2dc48a8bfdcf1373e61c3&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Fri, 01 Dec 2023 17:11:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9x9uqj2e8; expires=Sat, 02-Dec-2023 17:11:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9x9uqj2e8-h9x9uqj2e8-hq1m-0-q5a4bl-ftxofe-ft8pdz-93606e; expires=Sat, 02-Dec-2023 17:11:05 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=85070h9x9uqj2e8fe8&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=85070h9x9uqj2e8fe8&sub_id=16122660
172.67.205.133 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=85070h9x9uqj2e8fe8&sub_id=16122660
IP 172.67.205.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=85070h9x9uqj2e8fe8&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 01 Dec 2023 17:11:06 GMT
content-length: 0
location: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
set-cookie: zKByXHsQK0ydGD7DogbGyA=5; max-age=345600; path=/; samesite=lax
__pl=980c96f8-2e8d-4f10-9f93-56309e4225c0; expires=Mon, 01 Dec 2025 17:11:05 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zD9ZHdRZRrn%2FgfQZrvDiwFFW6RYF%2FnGUt71jGvDFUiapUwZ%2BmiSs3Vf7K1p0hZmpbSH9Imjp2LxwZU2Z0tFR6Ic7%2F7n%2BYOM4Yoic7LjiRUjfb6ZzExZYDZykxx0iDxXza14Q4QP0uDFWfrpq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ecf2861a8db524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.veinmaster.top/eyes-robot/assets/2.png
172.64.103.19 1.1 kB URL vvfal.veinmaster.top/eyes-robot/assets/2.png
IP 172.64.103.19:0
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /eyes-robot/assets/2.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: image/png
content-length: 1061
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-425"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5329
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPhfCxkepWP%2FRAq8lNf92DJ3%2FAeSNu7e%2Fl%2Bhya4pMI8bbh2rgkSYPH1G4g0R3Q%2F%2F42vEhJdCKCx%2Bun1l28SvoiyaNEA3dgMEjVAPWaB7OVTYXJgDrN54v%2FbO2zJd2aetaNfsLaOW4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2884fa623dd-LHR
alt-svc: h3=":443"; ma=86400
vvfal.veinmaster.top/eyes-robot/assets/1.png
172.64.103.19 11 kB URL vvfal.veinmaster.top/eyes-robot/assets/1.png
IP 172.64.103.19:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6480
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ND1LjEoxDwFLagj9t062pYY246hNzpkIHD7uXTUZEyglIWUzaDsbJQhNTPFNaw7sVdbQoqGgJBYn8wzGsYhsVlHZpuc3Gz6g%2BvQd2oaUYFi5IsE6aN%2F7qb2gQ1d%2BY7TPdjB49QAAyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2884fa423dd-LHR
alt-svc: h3=":443"; ma=86400
vvfal.veinmaster.top/eyes-robot/assets/trls.js
172.64.103.19 13 kB URL vvfal.veinmaster.top/eyes-robot/assets/trls.js
IP 172.64.103.19:0
File type Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash 0cdacbfa8d68265ac3893b159a75682a
a85878b59036d00ac878739dc187305bc29df8c3
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b
GET /eyes-robot/assets/trls.js HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-2af6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTo3jXdKbzxnPP1lpvpBZXD46%2FZ3f%2Fo1XwKpq0T0m1oiiJVETaCBgQ9Q4jl5ZAREyTfArLK8MQaMavy0C9PXXlnBLVgbLLtoosIEiMFQ5PYKfCMM%2FbZ349OfmJlZrjslQ1Wot9uIrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2884fa023dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
vvfal.veinmaster.top/favicon.ico
172.64.103.19 0 B URL vvfal.veinmaster.top/favicon.ico
IP 172.64.103.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 01 Dec 2023 17:11:06 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6458
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMDNDAGQiTIQRmys%2FGbmAbC6L%2B18evaXQIU8JdQdKBKOu9EB4lxhPDUUbVBLce%2BKZsAIuphaEC1nu8edV3mv5mN%2FeFHlbWGcCq5hsl%2FPm%2FSYyRADx4QiVf%2BuOsy1vBIIKqBOEF%2Fe4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf289795f23dd-LHR
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
142.250.74.35 9.3 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (28368)
Hash 9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 126152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.123.175 42 kB URL unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.123.175:0
Hash d5528dde0006c78be04817327c2f9b6f
31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01HFXFQD761P7QTCC22CPCK305-arn
cf-cache-status: HIT
age: 727781
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82ecf26fcf2e56a5-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.veinmaster.top/eyes-robot/assets/1.png
172.64.103.19 11 kB URL a.veinmaster.top/eyes-robot/assets/1.png
IP 172.64.103.19:0
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /eyes-robot/assets/1.png HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: image/png
content-length: 10591
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: "6569b076-295f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5584
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djRXD4vyBVcehdih3PVta5CKkrgkGLe%2BOi2dOR4Fp17E6w4SPmY%2BeFRaxs1qzbK8kTgk1px%2BTkxz4ncWdwtCm%2BXasfHfuyiG9qydnNqHBwQsSafvUiFl0KKD9EQg1S7NOCyP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf28bad0823dd-LHR
alt-svc: h3=":443"; ma=86400
hqq.tv/js/embed.232.js?736
190.115.19.71 49 kB URL hqq.tv/js/embed.232.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type gzip compressed data, from Unix\012- data
Hash a6bf1e9c737c96c705f1b437211e6388
04e49e35abac077b48be4420b98d5701352e0a27
9cd073e02cb4a5af789edb13b1eb8e6899920c33949a7bb6b3927a29fc0adb42
GET /js/embed.232.js?736 HTTP/1.1
Host: hqq.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hqq.tv/player/embed_player.php?vid=EE5uzZFVUFVk&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:01 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 18 Nov 2023 19:14:49 GMT
etag: W/"65590d29-2a6ef"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
vvfal.veinmaster.top/eyes-robot/assets/style.css
172.64.103.19 27 kB URL vvfal.veinmaster.top/eyes-robot/assets/style.css
IP 172.64.103.19:0
File type ASCII text, with CRLF line terminators
Hash a18afa3eac509b6062c9362a725ac421
5e06e9b3af42189e9456a7ea3bda665e10c86405
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896
GET /eyes-robot/assets/style.css HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-cf6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJcd%2BCRHCG4VbdJvotMhZR9%2Bi7NEeXTgb%2BnSXAPbpZEdZGcJMRnhfs3DPkuJtxXjpAPO0pldqcUDo9LBqKl082PEK%2B21Gq9iX2Rd1gjxIiBx%2BJyyW6xDAX5nFX6K2AjIXwcdvEpmdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2884fa123dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
a.veinmaster.top/favicon.ico
172.64.103.19 0 B URL a.veinmaster.top/favicon.ico
IP 172.64.103.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: a.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 01 Dec 2023 17:11:06 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4273
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D3QVfjQSpifEjDVCcWHOW05YEIIWZmxXdd%2BJfXaBgBTgp%2BWFHz0QhNDUSxrrDa%2BKtVHVC1quS1eyStzrPckWWUvFpkngjIi5BoOlmw9PBu97rrmpGsreBwhI314lJQup0nuS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf28cae7d23dd-LHR
alt-svc: h3=":443"; ma=86400
cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
172.64.103.19 9.5 kB URL cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP 172.64.103.19:0
File type ASCII text, with CRLF line terminators
Hash 512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a
GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Cookie: __psu=fb8c4342-7156-40b8-9828-0f0022a72cf9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:07 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tej%2B657uUjj2Ej5DUmdYHtbTWeEt3Hg%2BEMcDyfKQLc5oamdZNyXE6IMxHdVjSEUGjMQK80QznCWCP6EUo8nn5v41Mz5n9AFAv3GCUmR3hioMeu4fMzVoksFuj2FmqDITGZY6XPuLiADCP4E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf28cbe8b23dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 129935
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
192.243.59.12 1.3 kB URL www.toprevenuegate.com/zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (412)
Hash c35719c505d64e38d85959bfd9a13418
b917419cf7abdc0b941ab274ff5f47f135c0649b
de64be27ad85e844b54c57779688baf4155698f14c693e18b290bfa36cb153b0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /zj77nccnbs?key=7c1ef88f2943ca666bff02795f23060d HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 17:11:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19854905; expires=Sat, 02 Dec 2023 17:11:07 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; expires=Fri, 01 Dec 2023 17:12:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed7ed990a86ed309313cfb1f0c32e6fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
172.64.103.19 445 B URL vvfal.veinmaster.top/eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965
IP 172.64.103.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d091598187b0c2607db0dc04029e3457
0594d408ea97d509719300d8e4c19ce49078f55b
9f40361e807d9f0d4bbb68b5e68f9626231ae6b04fb26262190529eff247ddf8
GET /eyes-robot/?pl=zKByXHsQK0ydGD7DogbGyA&sm=eyes-robot&click_id=85070h9x9uqj2e8fe8&sub_id=16122660&nrid=c5479384b5564e6f9cea3fd25e55e18e&hash=rDbj1UophPPl8036QlMsJg&exp=1701450965 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: text/html
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BefpNq820ddR12V37pAdlR%2BgHzTSsVKOfhQZgM%2Fvs6yp723CPEBxdNLVMw%2BYe6bI0bkB9mGDjUPQj5ZqS2AXoOUC%2BWqyEsIBdrxL14FgNeY9gtf3GHlMxyt4icmLplKakwBoBawJkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ecf2873afc63ff-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
13.107.213.53 307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Trustwave Holdings, Inc.
Subject affiliates.kindredplc.com
Fingerprint 9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
Validity Thu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; domain=.unibet.com; expires=Sun, 01-Dec-3022 17:11:08 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0rBNqZQAAAACqHhZP203kQaMHcxVgIuUdU1ZHMjBFREdFMDYwNgAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Fri, 01 Dec 2023 17:11:08 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 01 Dec 2023 17:11:09 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node0g2j5mddgq7kdcis1xul1u04891552.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0g2j5mddgq7kdcis1xul1u0489; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 17:11:09 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 17:11:09 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 17:11:09 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Fri, 01 Dec 2023 17:11:09 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 01 Dec 2023 17:11:09 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Fri, 01 Dec 2023 17:11:09 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.43.104 302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 01 Dec 2023 17:11:09 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf29d4d6a5690-OSL
X-Firefox-Spdy: h2
ok.ru/videoembed/277823228550
5.61.23.11 51 kB URL ok.ru/videoembed/277823228550
IP 5.61.23.11:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (62873)
Hash f8574370c3cdf984494ff4509e443669
18ecb6c5808ba1bde11dd5cf2ae7c460107f87f6
ce9ba2d7b70e2e2731e537025244861391466814c50320031749ebe613de31a6
GET /videoembed/277823228550 HTTP/1.1
Host: ok.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: apache
date: Fri, 01 Dec 2023 17:11:02 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
set-cookie: bci=-6636513814576974603; Domain=.ok.ru; Expires=Wed, 19 Dec 2091 20:25:09 GMT; Path=/; Secure; HttpOnly
_statid=a10b501d-126a-4ea7-9daa-4ca7d98e692f; Domain=.ok.ru; Expires=Wed, 19 Dec 2091 20:25:09 GMT; Path=/; Secure; HttpOnly
__last_online=1701450662047; Expires=Wed, 19 Dec 2091 20:25:09 GMT; Path=/; Secure
content-security-policy: default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
content-security-policy-report-only: default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
last-modified: Wed, 13 Jul 2022 11:10:45 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 957 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash e19225e3eb562a3b6a86f7b8b47c38fb
ce3eb55448afd8fc9dfa4ac82f8743a009d5e142
c152526a02cb050650847e999ae141eae985472fbf73c5a843160b3b6bb06f79
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: application/javascript
content-length: 957
last-modified: Mon, 25 Apr 2022 12:18:31 GMT
etag: "3bd-5dd799309c310"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 304 Not Modified 0 B URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 304 Not Modified
date: Fri, 01 Dec 2023 17:11:09 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.43.104 200 OK 40 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text
Hash 04fc48de78cbfc5d1557e9df399c7733
e1bf77a4fef1943b0eab404c4abbe9477cb373e0
4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ecf29d1d3a5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 554313
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.138 200 OK 99 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.138:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 498204791bef417c1b9890ff9c9e9171
516e45723c2844e9e463cbd85d85a29c196bf92f
34a5264eca6bb1e0c72ed97615575c44bade55d7c678686697ebca32e90caf49
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 17:11:09 GMT
date: Fri, 01 Dec 2023 17:11:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
172.64.103.19 12 kB URL cdnstatic.veinmaster.top/ps/config.js?id=zKByXHsQK0ydGD7DogbGyA
IP 172.64.103.19:0
File type ASCII text, with CRLF line terminators
Hash 512755a6a34075b4a23c875b7ae24013
f8cecb3663d1d20fcf19a10af2a47d8238636ed3
d9cc92407823fafcd54c6e83fb6b9a51fbf3a4d9c73b2f4da64243d24ce2f81a
GET /ps/config.js?id=zKByXHsQK0ydGD7DogbGyA HTTP/1.1
Host: cdnstatic.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Cookie: __psu=fb8c4342-7156-40b8-9828-0f0022a72cf9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 17:11:06 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWEQLcnwdLVaSqQo26UD3IQKqjnRu1DQloFTr9BvgMquw1zsmD2oyVojLGjZUGt%2Bffmy%2BXKpiGq%2F0leLEUHkgPNblndR6MisT8kWEhSy%2FvC5JJ6HCs%2BYU9qPvJtK0Dti0gC3Wq1aweXX8E8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf289796b23dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.43.104 200 OK 21 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d3d585690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 46716
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.43.104 200 OK 18 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash 7bf01e92dd55d5fa298f55fbcb9afd30
4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc
2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: application/javascript
cf-ray: 82ecf29d2d4b5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 140257
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
104.18.43.104 200 OK 76 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
IP 104.18.43.104:443
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: text/html; charset=utf-8
cf-ray: 82ecf29afb4a5690-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ffc463f-101e-001d-5579-241fbe000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_A94D32DB745F4F31A86B1A8739086BB9;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.43.104 200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 678df4d8ef9b4aa957e5433dd94fb7e4
fd8a4109a2f00c19679f25d18be017541ff6fea5
bdbca379909a5f57b65b90094901804655f8cd82c05312a754320b7ae30c5187
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d4d655690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 142402
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 121294
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.43.104 200 OK 75 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 41acdc0efbe24c5e799972ff33c90259
1e5df73ad5bfb5f075815bcb520fabe2e107fe2d
1a91fab46f128a63c74943fe6db7de41509d69ae9f4e36aab9f984cac94fa451
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d3d575690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 212396
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.43.104 200 OK 22 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: text/css; charset=utf-8
cf-ray: 82ecf29d1d375690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 127389
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.43.104 200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d4d675690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 33767
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
216.58.207.234 200 OK 87 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 216.58.207.234:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:51:14 GMT
expires: Fri, 29 Nov 2024 02:51:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 137995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.141.13 200 OK 54 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 39158
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnENXGPVehg3s%2FB2%2BnpRW51wieplXzC6np1lmrMWC%2B3jPgH4vVBbZhSRP2ItzrBmVrmMJJzgTgZeOLi6TTU3pL647LQ2bZHWBD5bkvzgMGvUyOTj4bDyVIVJA1e8XDmPH6Wlfu%2FB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ecf29dbf764194-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
104.18.43.104 200 OK 15 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ecf29e4e3b5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 32849
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168 200 OK 192 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Size 192 kB (192178 bytes)
Hash 7826c802b22735480a47c0098c4c3af0
ee22e91c2127146cebc3c601225945c44c26a789
64186a37dfa114c3dd30b6bf95cfe56a712fa2cde23df057c02980cff096d230
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 17:11:09 GMT
expires: Fri, 01 Dec 2023 17:11:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.43.104 200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d2d4d5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 218821
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.138 200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.138:443
Requested by https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 17:11:03 GMT
date: Fri, 01 Dec 2023 17:11:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.10 200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Sun, 03 Dec 2023 17:11:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.64.126 200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.64.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:11 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 431
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2aa4fe67127-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.64.126 200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.64.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:11 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 318
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2aa3fdd7127-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 130415
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.109.10 200 OK 84 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.109.10:443
Requested by https://cineycortosgay.com/ver-freier-fall-caida-libre-2013-online-subtitulos-espanol.html
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:03 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 126442
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHwKYNk3MeDTIkp3V2S5SZpcm0CskSPcOuS8EaBr2IQ5wG%2FJ2oF7v%2BK0r2jN2WYT2FbF1cOdQodyXEfEEHvneAl1J1yWVXY4gSAyRb89WBUMPCBPeknigpazFBi6Wkc3UUk1sVE8f4RG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2799c540666-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDUwNzI3JnJtdGM9dCZzaHU9NWI4NzhmMmRmN2FmN2E4NmM0ZjZkOTM2MzhlODMxOTkwMmIyOWMwMWFiYjQ4MGEwY2YxMGVhZmExOWExMWYxYWMzM2E2ZWY5OTMzNWIyM2E4YzVkOGI0ZDViMGIxMjc4YWZhMzQ4ZTY4YjM5ZDEzMDJkYzU3ZjBkYmI1ZDAxNTc5MzA4MDY0NDEyOTk4Y2JlNmRjNGMzZjQ4YzBmMWQ2MjY4OWQ5YTdlMGIyMTdhNzAyNzU4NTY1ZTE3MGUxYQ%3D%3D&uuid=&pii=&in=false
173.233.137.44 302 Found 17 kB URL User Request GET HTTP/1.1 www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDUwNzI3JnJtdGM9dCZzaHU9NWI4NzhmMmRmN2FmN2E4NmM0ZjZkOTM2MzhlODMxOTkwMmIyOWMwMWFiYjQ4MGEwY2YxMGVhZmExOWExMWYxYWMzM2E2ZWY5OTMzNWIyM2E4YzVkOGI0ZDViMGIxMjc4YWZhMzQ4ZTY4YjM5ZDEzMDJkYzU3ZjBkYmI1ZDAxNTc5MzA4MDY0NDEyOTk4Y2JlNmRjNGMzZjQ4YzBmMWQ2MjY4OWQ5YTdlMGIyMTdhNzAyNzU4NTY1ZTE3MGUxYQ%3D%3D&uuid=&pii=&in=false
IP 173.233.137.44:443
Certificate Issuer Let's Encrypt
Subject toprevenuegate.com
Fingerprint 7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
Validity Fri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDUwNzI3JnJtdGM9dCZzaHU9NWI4NzhmMmRmN2FmN2E4NmM0ZjZkOTM2MzhlODMxOTkwMmIyOWMwMWFiYjQ4MGEwY2YxMGVhZmExOWExMWYxYWMzM2E2ZWY5OTMzNWIyM2E4YzVkOGI0ZDViMGIxMjc4YWZhMzQ4ZTY4YjM5ZDEzMDJkYzU3ZjBkYmI1ZDAxNTc5MzA4MDY0NDEyOTk4Y2JlNmRjNGMzZjQ4YzBmMWQ2MjY4OWQ5YTdlMGIyMTdhNzAyNzU4NTY1ZTE3MGUxYQ%3D%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 17:11:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Sat, 02 Dec 2023 17:11:08 GMT
uncs=1; expires=Sat, 02 Dec 2023 17:11:08 GMT
pdhtkv28=true; expires=Sat, 02 Dec 2023 17:11:08 GMT
uncs28=1; expires=Sat, 02 Dec 2023 17:11:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d73ce189c3429fd71de44093c09907df
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.64.126 200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.64.126:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:11 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 431
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ecf2aa5fef7127-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.43.104 200 OK 5.7 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Hash e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d3d635690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 130241
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.43.104 200 OK 32 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d4d6e5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 212472
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.43.104 200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:10 GMT
content-type: image/x-icon
cf-ray: 82ecf29fbf5b5690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 212326
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.141.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 118773
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzVovGp9G0podqQx5ir0yR%2FKY4FSQMUofKi4PeUQVVeY0hrVWFdFI99i3WoK7tG0d0Hrc6zxEW26L%2FCr%2B5lrLGgqQjxGh1bU4S6eflejLVBYwIr9tiLqjKfzFrypAsT0QXfy3qVr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ecf29ee9604194-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.43.104 200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d4d645690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 138780
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
Validity Tue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Hash 631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Fri, 01 Dec 2023 17:11:11 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.43.104 200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82ecf29ece955690-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 140162
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 156856
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.43.104 200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 82ecf29eae815690-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 41514
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.43.104 200 OK 5.4 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text, with very long lines (5609), with no line terminators
Hash 41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ecf29d2d445690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 44058
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28 200 OK 0 B IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: text/html;charset=utf-8
x-request-id: ba9e22d5fa4a7d352566cc34134747b1
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Fri, 01 Dec 2023 17:11:53 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.43.104 200 OK 13 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.43.104:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:09 GMT
content-type: image/svg+xml
cf-ray: 82ecf29d3d595690-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 134544
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28 200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_A94D32DB745F4F31A86B1A8739086BB9&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701450668982)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231211711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210647905833%7c1%22%7d%5d; __ucbt=node0g2j5mddgq7kdcis1xul1u0489; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_A94D32DB745F4F31A86B1A8739086BB9; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_A94D32DB745F4F31A86B1A8739086BB9%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_A94D32DB745F4F31A86B1A8739086BB9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:11:10 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2