Report - ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC

Report Overview

Visited public
2023-12-11 17:12:01
Tags
URL
ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Finishing URL
lidsaich.net/afu.php?zoneid=6003953&var=6003953&rid=IUzYL-eT4VvoQwPRHmPGTA%3D%3D&rhd=false
IP / ASN
104.21.45.48
#13335 CLOUDFLARENET
Title
Redirect

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ilcec2019.com	unknown	2022-10-11	2018-11-29 14:09:18	2023-12-09 16:08:24	5.7 kB	1.3 MB	172.67.209.180
heptagridterebralatap.com	unknown	unknown	No data	No data	1.0 kB	1.7 kB	104.21.34.137
sygox.com	unknown	2022-10-12	2015-07-27 03:00:24	2023-12-11 06:25:53	6.1 kB	1.8 MB	104.21.76.10
ecrwqu.com	577459	2021-11-09	2021-11-09 21:59:02	2023-12-11 06:11:49	559 B	374 B	185.162.85.2
34.102.137.201	unknown	unknown	2023-04-14 11:45:02	2023-04-14 11:45:02	693 B	225 B	34.102.137.201
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-11 05:28:44	547 B	1.4 kB	13.107.213.53
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-10 05:23:25	1.3 kB	1.7 kB	85.184.96.5
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-11 08:59:17	453 B	17 kB	142.250.74.106
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-11 05:13:54	483 B	24 kB	172.64.141.13
mmedia-saap.com	unknown	2020-03-16	2020-03-16 17:28:30	2023-12-04 08:27:39	449 B	779 B	104.21.87.141
pics4world.com	unknown	2022-10-12	2014-07-30 15:55:48	2023-12-11 07:36:40	9.3 kB	2.3 MB	104.21.63.230
minutemanguttiertrionym.com	unknown	2023-10-23	2023-11-22 07:56:40	2023-12-10 05:33:41	612 B	43 kB	172.67.150.201
mdakky.com	unknown	2023-10-12	2023-10-13 10:25:55	2023-12-09 06:10:53	532 B	184 B	185.162.85.20
lidsaich.net	unknown	2023-04-05	2023-04-06 02:00:20	2023-12-02 20:30:13	2.4 kB	34 kB	139.45.197.244
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-11 11:26:03	445 B	31 kB	142.250.74.42
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-11 10:10:55	435 B	68 kB	142.250.74.168
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-12-11 05:28:45	9.1 kB	191 kB	104.18.43.104
subimagohezekiahunbating.com	unknown	unknown	No data	No data	607 B	6.3 kB	172.67.159.83
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-11 10:04:41	8.2 kB	675 kB	216.58.207.227
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-10 17:58:57	535 B	678 B	139.45.195.8
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-12-09 11:39:10	3.9 kB	80 kB	85.184.96.28
datatechone.com	unknown	2021-12-24	2015-06-17 15:52:19	2023-12-05 23:02:13	538 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	ecrwqu.com	Sinkholed
2023-12-11	medium	lidsaich.net	Sinkholed
2023-12-11	medium	lidsaich.net	Sinkholed
2023-12-11	medium	lidsaich.net	Sinkholed
2023-12-11	medium	34.102.137.201	Sinkholed
2023-12-11	medium	datatechone.com	Sinkholed
2023-12-11	medium	lidsaich.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 17:04 Times Seen57564 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

		Size	First Seen	Last Seen
	#1 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (85)

URL IP Response Size

ilcec2019.com/images/education-online-books.png

172.67.209.180

310 kB

URL
ilcec2019.com/images/education-online-books.png
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced - data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:35 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3816
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V7%2FaVTe%2B0EyNvwz3feOD7QfV3C2Sma%2FzVoXJBDPVvsAZDswtcg6iwBYqbJBsh8Tn%2FWcnY3zLVCowGQnYowCr83qFXr4PUbLcyZ88hrdODRvL7X4WOk85T5EnRtF7AA9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59008ccb0b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK

172.67.209.180

28 kB

URL
ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
28 kB (28506 bytes)
Hash
f3b1d3c78d994d11f535e6d7c3cdd949
8f97ceff159fe611c01473cb2f6fc5bea01048c3
42fa03b54369580efa843423e2d017e1962beeeff91989aceae0f692b2dc5e6d

HTTP Headers

GET /File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:35 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.1.2
cache-control: no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rz2qB2Zz1KfvultIXN5ZD8zw5LlgHJ9bAcQ0R4sgaSTPol11Ga7GIxf8WU3PwqQRfyfOsw2ehyXYERVhSki0MLvOleZqvvIsbgk363g%2FyxWGmDmhUPdzu1Vdd1qUU7Qd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f58f23da6b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ilcec2019.com/images/avatar/portrait-young-redhead-bearded-male.jpg

172.67.209.180

26 kB

URL
ilcec2019.com/images/avatar/portrait-young-redhead-bearded-male.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (25921 bytes)
Hash
71e947fcdeaa5cf2a2a5dfb28e4921ec
cfa6b029f4437f5687bcd64227597584c47b7ab7
c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122

HTTP Headers

GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:35 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 10:21:33 GMT
etag: "6541-5da3f2939c540"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3815
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAbm28XC5ai57bj5w0eyOd7udGcOA8d8kEliOjlO0yk6Gn%2Fa78Re6P8DL8sdyck53ofTVh76H09dalmAYVGd%2FwkiTjP5ul%2Bse2yhTEwxYDdfD5A4832uXfBE3893wkmq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59009cd00b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/images/avatar/pretty-blonde-woman.jpg

172.67.209.180

30 kB

URL
ilcec2019.com/images/avatar/pretty-blonde-woman.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:35 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3815
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nO8o6EeTUjo6g%2BFDRyKMk98trX6vgBvwuUspmqqtJQ7Ok0R5quN38nfJXNXiCpYe332baeU7wVrVAAY2YOsdNWHxOW4IvfQHw3vgUr7NXdMMYpkXfit3zvIKcfjtYb69"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59009cd40b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

172.67.209.180

26 kB

URL
ilcec2019.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:35 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3815
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qp4FTUvV2GM6EMvRm0DsROKjaY5fLdEia9crUluEU7m1qt7oQU%2FpM0aeVVI4Y%2FmLIEfI0UMWaTQs6pU7CMIchYV0NFsCgO1lC8r6ZaJXK0IV0SeG8M1XaxpKtT5uKyeq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5900cd170b02-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ilcec2019.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ilcec2019.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ilcec2019.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ilcec2019.com/images/businessman-sitting-by-table-cafe.jpg

172.67.209.180

271 kB

URL
ilcec2019.com/images/businessman-sitting-by-table-cafe.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3 - data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:36 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1%2BSdL5%2F8UUbsg97WroK8T1NYMyvsb%2BbC7zG7zBw62AdT9aTRjbgOn%2BovvkFhuezgKdup9Nq%2BCzh9MNrUneGAsgPhsGxD5uDZmSRRvkNNocQ2XN1xxkCKOGi%2FcvF3ooX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5900cd1f0b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg

172.67.209.180

246 kB

URL
ilcec2019.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1200x800, components 3 - data
Size
246 kB (245913 bytes)
Hash
c2145d3454a8746683132d9e811983f1
8370e814fdff455fa198d7acb0842ef4f99e5911
0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4

HTTP Headers

GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:36 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 03:10:16 GMT
etag: "3c099-5f13f4a56f600"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3MdB5u%2BcjnHyKGqxQGCi%2BRCyqjxWZbofO3N38Bg7RGcY6HcABfkLZlvoE71epc%2FpDdcBH6kW22qTPM0yCBLVrUqYc0vTeWZfRsDdFK8vJXzCwWJmPfB3Gg7q%2BUpXrhQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5900cd1b0b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/images/tablet-screen-contents.jpg

172.67.209.180

220 kB

URL
ilcec2019.com/images/tablet-screen-contents.jpg
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1836x1280, components 3 - data
Size
220 kB (219556 bytes)
Hash
7cf6f9cbec501581b78c4c8e82f8b20d
c9bbda23f7cd24eca42a77a6961745abdbdc6c73
d70adc38af1c7c886564b0c2de6eeccb8e3ada43b4e4c9ae365a9491ac8a54a1

HTTP Headers

GET /images/tablet-screen-contents.jpg HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:36 GMT
content-type: image/jpeg
content-length: 219556
last-modified: Mon, 02 Jan 2023 03:08:26 GMT
etag: "359a4-5f13f43c87e80"
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ZmrCvg00I%2BK5kUYd%2F8hryrXcbiwAN5hl3but8NHBBeJK7wSuyQCuBIsd72fsMyMY02JA1COu%2BwhWx0Jkg%2FZUcUx2fP6naOJuW9VISevYD%2F2DPsJuMyfhoQel9LDQfiz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5900cd1a0b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/images/circle-scatter-haikei.png

172.67.209.180

28 kB

URL
ilcec2019.com/images/circle-scatter-haikei.png
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced - data
Size
28 kB (27975 bytes)
Hash
00fa544a8f7b68ecd2fa2269a8b29baf
f95d1fba2ca79d9eb64003c72b6d4124284b8006
6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61

HTTP Headers

GET /images/circle-scatter-haikei.png HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:37 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 02:34:34 GMT
etag: "6d47-5f13ecaaaa280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sl20zdZTYS3Kj7z95ibCYHqAA%2BERIhezf55ea4nyXmd2S6XNMB7dqd3ixRXThH3e8SdoIbKXu38g6PYY2CUcz0bSukimzYZMEuWykDcNg7R6Rz3cMt90ODeC4HKDGiS%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59025eda0b02-OSL
alt-svc: h3=":443"; ma=86400

ilcec2019.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf

172.67.209.180

112 kB

URL
ilcec2019.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 112440, version 1.0 - data
Size
112 kB (112440 bytes)
Hash
31e1300d419245fd27614630601dc74d
3a284b0618771f29da8eb6be900e99439253dce0
c69bf1ccae5f13b5aa4345dcfeb209a8148ad0bfa1e0678b93792aae0429c764

HTTP Headers

GET /fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/css/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:37 GMT
content-type: font/woff2
content-length: 112440
last-modified: Sat, 16 Jul 2022 23:30:40 GMT
etag: "1b738-5e3f485cec800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idlDBQf01j%2FvjKWFgmN702mT%2FXjtazMO2oo7nvOCk66JuD8yvrg3da2HfagmzfWRFhFONbxjjF5UCj7%2BpWAaqSs1AFbPDs%2BZHI2zy2bQL1npoPhOtH4T4LRvRCrFRHsL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59027efd0b02-OSL
alt-svc: h3=":443"; ma=86400

mmedia-saap.com/ads/banner.gif

104.21.87.141

42 B

URL
mmedia-saap.com/ads/banner.gif
IP
104.21.87.141:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1 - data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/banner.gif HTTP/1.1
Host: mmedia-saap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://minutemanguttiertrionym.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:38 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 Mar 2021 09:46:36 GMT
etag: "605c5bfc-2a"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3153
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7w9tY5S5uiQgTiganoZWpPV96x%2Fb5E2QKpszKK%2Fb44%2Fn4%2FzrdsbOmjVTMJwTNfH9jhxcLuC9%2FG%2FUO6yKgUv5DWr98X2NGRUvAnUuX9N3TYLbq3EjPRLy6as7Pl%2Bxnc48y1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f590f8918b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

heptagridterebralatap.com/Zcpj1g7AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ?jts=0&jtf=98304&jth=00c89dd50c

104.21.34.137

68 B

URL
heptagridterebralatap.com/Zcpj1g7AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ?jts=0&jtf=98304&jth=00c89dd50c
IP
104.21.34.137:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced - data
Size
68 B (68 bytes)
Hash
e679fbd466a2d656f194a5da4fa083cd
2aa795c7607aa6ea41313be88f1b7a9c1ab516b3
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

HTTP Headers

GET /Zcpj1g7AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ?jts=0&jtf=98304&jth=00c89dd50c HTTP/1.1
Host: heptagridterebralatap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://minutemanguttiertrionym.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:38 GMT
content-type: image/png
content-length: 68
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: bytes
last-modified: Wed, 23 Mar 2022 11:32:09 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FTTlI%2FmauxJsVglthqDSs2KJNxlPTXKQSphoq2zKiaqba4kyhrlzOEmY5CCwZkfusOouO67ltmRkX%2B9%2F79dhzRS20ZZQtaOMqPnCBA66vkroka7EhrJKRoOzIJwkL87GrVBfw%2BZY4dAZjyi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833f590faa9056c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pics4world.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg

104.21.63.230

24 kB

URL
pics4world.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
24 kB (24232 bytes)
Hash
2b00b22d0fc9400405e0a93d2c32581d
9ccb0bcdab3c25027740217df2a64ee2dc18ec93
1b5d07b73321be8f54ea2281e6f6520f4d730df706676895c99d7e988cb96ffc

HTTP Headers

GET /images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/jpeg
content-length: 24232
last-modified: Tue, 15 Mar 2022 07:33:50 GMT
etag: "5ea8-5da3cd16c9380"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYwflhubFia3H0kJfRVz%2FmlCGtmjb%2BfF8d4HyUNZTjKMR70sBS9eLOqEFi2WN5mcCebz9AvSCykUBZO%2FJwO1r%2F13aRLDhns9P4ZHcLeSmZZCPRKZ%2FSkkQpHvAGpJarhO2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b53712f-OSL
alt-svc: h3=":443"; ma=86400

minutemanguttiertrionym.com/b?token=ed3d087f42242a3c25a0daad9f37496c6d52b392&c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK

172.67.150.201

42 kB

URL
minutemanguttiertrionym.com/b?token=ed3d087f42242a3c25a0daad9f37496c6d52b392&c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
IP
172.67.150.201:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document, Unicode text, UTF-8 text, with very long lines (33597), with no line terminators
Size
42 kB (42339 bytes)
Hash
434938d7cf273c7df23bd8c73562aa51
db04e34cd1996693926849135982d22b74ba25d1
3b2cd9619434a613c8c53f0d992172dc8d8bc6713aaa4030a1e056466984c342

HTTP Headers

GET /b?token=ed3d087f42242a3c25a0daad9f37496c6d52b392&c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK HTTP/1.1
Host: minutemanguttiertrionym.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:37 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uCd3K1L%2BCwoKSuC986ctRAbjrUzkN8%2Bg1OdPgfdBDjGM6BnjGubQDIRkVIYT5r2Q9X7lbvdACdkspTRgX5iEdlxo%2F7LBjAs33jS4OP5r9sTBksOrsSbFcb0LSkyPzvNUL2wlXikq2BY%2B%2B1AHe0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833f590d5a137131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pics4world.com/images/education-online-books.png

104.21.63.230

310 kB

URL
pics4world.com/images/education-online-books.png
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced - data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0L%2FgYY8sKzwhnpfz%2B6u00PaW%2BhzcjjoBZ6KumG0NRf61kXSj7CVq0Kur5UI8morOVWjLk5ylpRdQursSMdC621dNRnvDz72WTWy%2BSF6Oph9xhV7WfpVtL%2FvmxXVLDjiaoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b52712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/avatar/pretty-blonde-woman.jpg

104.21.63.230

30 kB

URL
pics4world.com/images/avatar/pretty-blonde-woman.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMsMrzx%2FuzK1MGoOBYKIWi92%2Bhx3doxx87c9CJPhn8tGcMKGW7LPR550p1%2FI4WADT7faZKuJUTNxO7EKR2%2B1yZTDqszGj0%2BT8zSLASE7%2FkYTbli%2BBzlqk6Qvl95uOjdfZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b55712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

104.21.63.230

26 kB

URL
pics4world.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16aMjMlU49a58aKGJhr1I6DYDhjFf4ySdyVaP%2FUMwPGeK%2BtmaKMIWLIesQhZiVOTaqZgBBzNoHff6GkuvvRn8DlQNPn9tc6EZ9Ik1n5T1fLM2ZOL4yV8vN%2B27dEi9GhdyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b56712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ

104.21.63.230

224 kB

URL
pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
224 kB (223836 bytes)
Hash
9f5178e02ec02d47205d31b0f95ef747
610913c11c32cec612e413b96ff8b541bfd564f7
6c6fdb9a872996094fced605936f32ebf099a58efb91977f1ca89ce4ae4c2520

HTTP Headers

GET /file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://minutemanguttiertrionym.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.1.2
cache-control: no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVYC%2FHZxwmySKM6b2IYeQzPgMbyS4buPLYR4r3EkPWWZ5DFkf1aoXxTKjRQ9M5tmToZLTP32Ov21Sfu%2BkM3Vf34fi0tQG%2FxYLN4pSe3w8YtD3Q%2Fd2KMMAwdzBoWjuWrruA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59112ae5712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pics4world.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg

104.21.63.230

246 kB

URL
pics4world.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1200x800, components 3 - data
Size
246 kB (245913 bytes)
Hash
c2145d3454a8746683132d9e811983f1
8370e814fdff455fa198d7acb0842ef4f99e5911
0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4

HTTP Headers

GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 03:10:16 GMT
etag: "3c099-5f13f4a56f600"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjblU7ofe7EZOhR4ziUyMPP5yZMZNDq7OOF64Fd20XoAfBN4hgOakcXAavuxe7MlcRqTozO5JnICO8VIFLAwOVc1f3Y2hqbNkDb4EbrnG6HL1J%2Fi9cNHx64%2Bgf0F34aNKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b5a712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/businessman-sitting-by-table-cafe.jpg

104.21.63.230

271 kB

URL
pics4world.com/images/businessman-sitting-by-table-cafe.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3 - data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27QhFCC2Gi1s6clw9UgJndWy9fDAMR6K3E%2FxSMcGBgolc4JOP8eE7oQgEwAsgWyjV%2F30cCnLE9Y2CRI7TOk97kqPiHps997MKPbJG%2BYxWt9li6uzwUSx3nDe03DbkfsABw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b62712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/circle-scatter-haikei.png

104.21.63.230

28 kB

URL
pics4world.com/images/circle-scatter-haikei.png
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced - data
Size
28 kB (27975 bytes)
Hash
00fa544a8f7b68ecd2fa2269a8b29baf
f95d1fba2ca79d9eb64003c72b6d4124284b8006
6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61

HTTP Headers

GET /images/circle-scatter-haikei.png HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 02:34:34 GMT
etag: "6d47-5f13ecaaaa280"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YGULKq6Ww5yj5uRFkv%2FroYi8fsOyStI8sc%2BMrN78Kb1CZ5zkGUod7OVmLJPRcD9UoB6cjC6mPXQwouiqLE4CRnRrqx5XdSwczQZkZFPrvpEjstkvoFi7DFkU4jmCBwVgiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59205dcd712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/css/bootstrap.min.css

104.21.63.230

141 kB

URL
pics4world.com/css/bootstrap.min.css
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
141 kB (141448 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: text/css
last-modified: Sun, 02 Oct 2022 10:07:38 GMT
etag: W/"2f955-5ea0a658f0e80"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VZnZuApP%2F9LS8tbTqqCikqpKyWNnkC6%2Fxkb%2F3m%2BN2%2B4KqA1H8LdajK3BMmeV79KMBQY%2BcdTy9%2F9mkTZ7s7lzEp40bpD5niGRAoUkqb4Ysd7UAl4XScmY%2Fzf%2BDCKeE2cnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e6b36712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348643
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pics4world.com/js/jquery.min.js

104.21.63.230

37 kB

URL
pics4world.com/js/jquery.min.js
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32065)
Size
37 kB (37045 bytes)
Hash
48abd2372de119dfd7ffb96c8f307bfe
da49460a365d995ef121403cece389dafe496505
04685bdefed2099cae5f544505b8319ee7ae4d0a7f90a93b2e764bde5cad1de6

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: application/javascript
last-modified: Wed, 06 Oct 2021 07:11:36 GMT
etag: W/"14e9a-5cda9db4d5a00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHNJAhQLNArcOPj0jpQ6kb5xAmSyj2wE7x5SLr3wZETzwOVFEdn2UDv5UIl%2FJIJZDlBvk%2FEGRSFhVYPMtQ791QPm3yWfjGnmqsHJ0MHTPnhiyZxpxEMdvW7ql%2FhE2WmGlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b6c712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

heptagridterebralatap.com/pQpj1aQAM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx?jts=0&jtf=98304&jth=8f9e79eb3d

104.21.34.137

68 B

URL
heptagridterebralatap.com/pQpj1aQAM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx?jts=0&jtf=98304&jth=8f9e79eb3d
IP
104.21.34.137:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced - data
Size
68 B (68 bytes)
Hash
e679fbd466a2d656f194a5da4fa083cd
2aa795c7607aa6ea41313be88f1b7a9c1ab516b3
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

HTTP Headers

GET /pQpj1aQAM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx?jts=0&jtf=98304&jth=8f9e79eb3d HTTP/1.1
Host: heptagridterebralatap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://minutemanguttiertrionym.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:43 GMT
content-type: image/png
content-length: 68
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: bytes
last-modified: Mon, 28 Mar 2022 12:35:46 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYKrFQUJcUpo6lk8MU2w8g5c5F61A%2BNzv6FQ3WICyh0JQ6Nt7Qs%2FMQJW4KwgipmIQ4JON5vtJrMTS0%2FSGk3bBRD0x5wh%2FemTJPjNfAqEbPCyx3t%2BDymYLnP2HyV5WPkQy5xXV1NDKD34RPFG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833f592d886056a9-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg

104.21.76.10

24 kB

URL
sygox.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
24 kB (24232 bytes)
Hash
2b00b22d0fc9400405e0a93d2c32581d
9ccb0bcdab3c25027740217df2a64ee2dc18ec93
1b5d07b73321be8f54ea2281e6f6520f4d730df706676895c99d7e988cb96ffc

HTTP Headers

GET /images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 24232
last-modified: Tue, 15 Mar 2022 07:33:50 GMT
etag: "5ea8-5da3cd16c9380"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYW4RzbG5Geo4aEpnbraUC78F3kjj8IFeGLdamuHjSK3bIJQUUPH%2FxnDhfi1tyXvuPNVQRiO0eSgivvx0yaO9snLH3wJoNUiwDyzBGDx7Io2p8iM4Ed26LyKhTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593da94eb50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/avatar/portrait-young-redhead-bearded-male.jpg

104.21.76.10

26 kB

URL
sygox.com/images/avatar/portrait-young-redhead-bearded-male.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (25921 bytes)
Hash
71e947fcdeaa5cf2a2a5dfb28e4921ec
cfa6b029f4437f5687bcd64227597584c47b7ab7
c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122

HTTP Headers

GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 10:21:33 GMT
etag: "6541-5da3f2939c540"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lffOL2ThCh0EdO%2FQoFnSZrNeNfoTPf6Rhmb9Z5m%2F%2BEBI%2F2g6m%2Frx7xiR6jlHMSGuL4rYgM5khFIgzRuLEioS9pqFM0SigUv88lqov2KG4YjlswWbAj6T6y1Y4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593da950b50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/avatar/pretty-blonde-woman.jpg

104.21.76.10

30 kB

URL
sygox.com/images/avatar/pretty-blonde-woman.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewXiDOVwq9oxsRpJpPkfJE9ddGaqyPmpm%2FNOhhQxfmmNd5zb91rQrEAiNKS9YEuF7m5TBMH%2B6F3RgW8rje9mCDQy6UzisdV176y%2FthcK8N3yF%2BTxO7wz8mz64Zk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593da960b50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/education-online-books.png

104.21.76.10

310 kB

URL
sygox.com/images/education-online-books.png
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced - data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shy5NC%2BMh%2FU2IBux3zxLQSdhHFew9wzFsm8nzA7VDQaWTrrxS1XuLKv3BibszGxI19BT6lyv0WErLCAIcc4LOriC97JpJxIBj5jfHswUENwMKY6WnlZgx%2BzYayE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593d9944b50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

104.21.76.10

26 kB

URL
sygox.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0zO2yz6hJ%2B2BmcmTmAr41RpGT77jeCJdh2Iam%2B7gdAzmF1S1fvHdXzWs8ab%2Bpr2M3BT1%2BasqS3%2BWZ8kMS9Z%2BGvPw4JB%2B1e6Cuj6394kxXHqlMd7amcnZQqfWPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593da967b50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/tablet-screen-contents.jpg

104.21.76.10

220 kB

URL
sygox.com/images/tablet-screen-contents.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1836x1280, components 3 - data
Size
220 kB (219556 bytes)
Hash
7cf6f9cbec501581b78c4c8e82f8b20d
c9bbda23f7cd24eca42a77a6961745abdbdc6c73
d70adc38af1c7c886564b0c2de6eeccb8e3ada43b4e4c9ae365a9491ac8a54a1

HTTP Headers

GET /images/tablet-screen-contents.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 219556
last-modified: Mon, 02 Jan 2023 03:08:26 GMT
etag: "359a4-5f13f43c87e80"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUWKVvYzPNvaG%2Bh15xuFBd0wWs2qG%2F64x4VugNYdcDQkOaCzVSQKikSMLblvLXJ2bi7fWI6rtW96v46SRa%2Fo6GsAnYLXd%2FBDgFrWsBg244JJunjZL9euAfCm5p4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593da968b50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg

104.21.76.10

246 kB

URL
sygox.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1200x800, components 3 - data
Size
246 kB (245913 bytes)
Hash
c2145d3454a8746683132d9e811983f1
8370e814fdff455fa198d7acb0842ef4f99e5911
0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4

HTTP Headers

GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 03:10:16 GMT
etag: "3c099-5f13f4a56f600"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XeHazmcN9iAFP91BSz3vfHSt3tGkIfuZqYoTbpkEekPfMz8bAv8CrFsxMGweK8vrTyJEPl0UDTGyXID5HrdQjhsHICf1mmTN9C2hl9CVsGpHHRbuZgluN8PTn9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593db96cb50c-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/images/businessman-sitting-by-table-cafe.jpg

104.21.76.10

271 kB

URL
sygox.com/images/businessman-sitting-by-table-cafe.jpg
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3 - data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1093
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7%2FhFdFUAv5dVjcxmIMUNBW1vDAfWyfjUP%2FDwTU4PsaImcCjjto%2F8f8y79MvtmxxH1ISh4LSoeQdkvilFGyP2ORsGxrBmLYYkJDBuIn3%2BMGLxSHa%2BKBPsH%2FIHO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593db971b50c-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/css/templatemo-ebook-landing.css

104.21.63.230

37 kB

URL
pics4world.com/css/templatemo-ebook-landing.css
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators
Size
37 kB (37013 bytes)
Hash
32e58598f66eb8e3a283314f8690e9e2
681e6d5ed8d69293dba27833c7bd0344bd6380f3
2540a5dde18a5f70241cc5845e742d90dc6d100b7605037a19df006cc7e3798f

HTTP Headers

GET /css/templatemo-ebook-landing.css HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: text/css
last-modified: Wed, 29 Mar 2023 07:06:55 GMT
etag: W/"5705-5f8049f0f0138"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMX%2FdhrJKNaIiTKZiAbnFAjiVChV2ejJDz2lZiMu4wYiOOcnYwyID7a2hAlLGI%2Fg14lvdS9wSdetGQ8iX56IRAR5uYXme1FOr%2B8HBlWGExNJJJu6nJaF%2FVG3p%2BXes49F4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591e8b51712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sygox.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf

104.21.76.10

112 kB

URL
sygox.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 112440, version 1.0 - data
Size
112 kB (112440 bytes)
Hash
31e1300d419245fd27614630601dc74d
3a284b0618771f29da8eb6be900e99439253dce0
c69bf1ccae5f13b5aa4345dcfeb209a8148ad0bfa1e0678b93792aae0429c764

HTTP Headers

GET /fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/css/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:45 GMT
content-type: font/woff2
content-length: 112440
last-modified: Sat, 16 Jul 2022 23:30:40 GMT
etag: "1b738-5e3f485cec800"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzMI71hGkVoPMp1KMoUrtnlK0LJxx9lhh%2BMNizzh64JnLk7OBeeATF2eO8%2FDGgSMYQ2DejFi8kNFI00pjLpDW6UTKAopxon6d%2F4zt7KppoMXR4lTOo0bGKh8jbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593f1b52b50c-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sygox.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sygox.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sygox.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sygox.com/js/jquery.sticky.js

104.21.76.10

26 kB

URL
sygox.com/js/jquery.sticky.js
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
26 kB (26281 bytes)
Hash
b8746b98470305fb641e8a0b30d38c4d
495ab774710f8f9a1476f72c77aaf713c19da491
40223bede5475b91b43535458932df276f2750c236732faa669ba9faefd1d1f5

HTTP Headers

GET /js/jquery.sticky.js HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:47 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 07:36:54 GMT
etag: W/"1c85-5e5f23abf1180"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1OFJ0VT01mMrQ588m6x2yGcEeRQlGKkucerDvIf%2FyaIWcWM5ggq5whh2kGizMbbpeJjja64hyQvOoJln%2BLU5c1z169wjHTmQ4RDKR0bN7QAFA3o%2Bj7JTp81w8k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593dd99eb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pics4world.com/images/education-online-books.png

104.21.63.230

310 kB

URL
pics4world.com/images/education-online-books.png
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced - data
Size
310 kB (310455 bytes)
Hash
effbcadb714b24e2cabb8d64097c8dcc
239e471a633629d027c050e19b441a6ce9fa77b4
3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203

HTTP Headers

GET /images/education-online-books.png HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 07:38:01 GMT
etag: "4bcb7-5f0f29085e840"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9O%2B0R7GgmQP1%2BOx1ZDUOyKcAIq33frZpOT%2BwT%2BpYdjfuIjIfFdpKDVzcTaKbzTj5PjkUi3moWW8IWAtB7Z3E7VSljb9kksquxORsxZ6jHJVkFRFXf6CIgMbMlRttIthEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59693c97712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/avatar/portrait-young-redhead-bearded-male.jpg

104.21.63.230

26 kB

URL
pics4world.com/images/avatar/portrait-young-redhead-bearded-male.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (25921 bytes)
Hash
71e947fcdeaa5cf2a2a5dfb28e4921ec
cfa6b029f4437f5687bcd64227597584c47b7ab7
c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122

HTTP Headers

GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 10:21:33 GMT
etag: "6541-5da3f2939c540"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBUTYhYH6ia1ZawNOstdMFLJKo9D2qUrpuQ1fCkTc9QIm8Pa9VvgHIEj8jIdwTdDM%2FiFIP5ROEHFModk6XEy0kUZ1CK5aNC1fx9DvnOhza1zljeyQ9Z3hAUT4SlZWH0lIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59693ca5712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/avatar/pretty-blonde-woman.jpg

104.21.63.230

30 kB

URL
pics4world.com/images/avatar/pretty-blonde-woman.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
30 kB (30052 bytes)
Hash
83251e8a0f137b34118d0eba449b5471
c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62
b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411

HTTP Headers

GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 04:47:17 GMT
etag: "7564-5da265ff41f40"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zi9bljZURlP%2BgJaJUEtgmyq3SM9TFe9pO58f26rPbQD8jxx3zZpnSKl3nITcXcldG3mnQlcBmdRMWx1LIwI60vZsLNWSc44CV7WnOOi3%2BcTxrY%2B4P7AZyAvfdFFTOfI3aw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59693cac712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg

104.21.63.230

26 kB

URL
pics4world.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3 - data
Size
26 kB (26473 bytes)
Hash
2c1eba2ef33f5d5dff9e8dd2b04073ce
cb767536742c4844448bb69aa3da8858c77dcf63
f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04

HTTP Headers

GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 04:47:35 GMT
etag: "6769-5da266106c7c0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7OvpbNmYjdHNpHvtrvtN%2FBAwRi51DEz46oZMKAELnIP3i3Fc%2BOGWe4JQeVWFZQkt7nzq2UO4AuOJcB7PnnZeWbuDCAde20WS36TZQYZP2NdG74soNhx0EnI3z1EeIVNZxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59693caf712f-OSL
alt-svc: h3=":443"; ma=86400

sygox.com/js/bootstrap.bundle.min.js

104.21.76.10

244 kB

URL
sygox.com/js/bootstrap.bundle.min.js
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65299)
Size
244 kB (243641 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:47 GMT
content-type: application/javascript
last-modified: Sun, 02 Oct 2022 10:07:38 GMT
etag: W/"13a70-5ea0a658f0e80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uouidztMx7B7OPS1Svw1127LL5J80UK5ghjmtHCwH%2B%2FUKfyzSo43DVBeHOUqpwtz30S8pKwsqWtHw3jzrOdChhSaJL7NDWzxCBcX%2FiQVGstFsaOJs5ZoAJGESxI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593dc98bb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sygox.com/js/jquery.min.js

104.21.76.10

277 kB

URL
sygox.com/js/jquery.min.js
IP
104.21.76.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32065)
Size
277 kB (276941 bytes)
Hash
48abd2372de119dfd7ffb96c8f307bfe
da49460a365d995ef121403cece389dafe496505
04685bdefed2099cae5f544505b8319ee7ae4d0a7f90a93b2e764bde5cad1de6

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: sygox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/file.zip?c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:47 GMT
content-type: application/javascript
last-modified: Wed, 06 Oct 2021 07:11:36 GMT
etag: W/"14e9a-5cda9db4d5a00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUFshbazL54Q9c5D%2Bb6NDeK5zLNgbPG2B3N3Y9tby6OudaujzcdFdQJ7uSzkJLAf%2BRQHc%2FikWlauMJEKs%2FPkqpzGB%2FOWhrBpwtnyqIc2477TbT95tB8VBJKhFFc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f593dc989b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pics4world.com/images/businessman-sitting-by-table-cafe.jpg

104.21.63.230

271 kB

URL
pics4world.com/images/businessman-sitting-by-table-cafe.jpg
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 1920x1280, components 3 - data
Size
271 kB (271312 bytes)
Hash
51dc9f63ce344cc166d6f2ae3f9c998e
079bcd439c8959ab809d38a8d739fb04b6e83fcf
061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14

HTTP Headers

GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 03:09:46 GMT
etag: "423d0-5f13f488d3280"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iq5LSKYXuBkgOgnCsmvzsSU1liOQpiq9dKmSgf45f4r6LcSBDhSQqw0pULmeQ5RynocRLKC0%2F8uvWxlUSJ1iiSYZHGHrq%2Bm2AwGoorGZo7VkAxTAw8XLNGb7e6VF1YEzhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f59694cba712f-OSL
alt-svc: h3=":443"; ma=86400

pics4world.com/images/circle-scatter-haikei.png

104.21.63.230

28 kB

URL
pics4world.com/images/circle-scatter-haikei.png
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced - data
Size
28 kB (27975 bytes)
Hash
00fa544a8f7b68ecd2fa2269a8b29baf
f95d1fba2ca79d9eb64003c72b6d4124284b8006
6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61

HTTP Headers

GET /images/circle-scatter-haikei.png HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:52 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 02:34:34 GMT
etag: "6d47-5f13ecaaaa280"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6468
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dtbSTqV6HIIdWW0%2FrMUvjJP9ZHMXYH91s55YQicbawd9TtKH36BPTMR5ISp8oZqFLayaxTSY9xHkqJQAKkJ2HvZSX5AzQAnBXEPARAEvJJ5%2FPZ5Nf6jPqbNpPrwSRoCfAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f596a9e59712f-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348655
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348655
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pics4world.com/js/jquery.sticky.js

104.21.63.230

172 kB

URL
pics4world.com/js/jquery.sticky.js
IP
104.21.63.230:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
172 kB (172505 bytes)
Hash
b8746b98470305fb641e8a0b30d38c4d
495ab774710f8f9a1476f72c77aaf713c19da491
40223bede5475b91b43535458932df276f2750c236732faa669ba9faefd1d1f5

HTTP Headers

GET /js/jquery.sticky.js HTTP/1.1
Host: pics4world.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pics4world.com/file.zip?c=AMlCd2UPFgAA51sCAE5PFwAMAAAAAADZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:40 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 07:36:54 GMT
etag: W/"1c85-5e5f23abf1180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8ga4euVr7zP3TVMRaVs8CvCz2KGexsz3p0egGmt5p3tdfLwpbDbvmagzdciM94aHu%2Fbj92tzK0Y%2BqWbQSVjRmduvO0M0CkQE3WXB4x8fFycDuI1i6l7%2FDT%2BUxaCkQPBHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f591eab8a712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2

216.58.207.227

51 kB

URL
fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51260, version 1.0 - data
Size
51 kB (51260 bytes)
Hash
74bf64b24d4a4b52dfa338d65eeaf6ee
4665e45f8f77481f978fba203ab13a7c2fa94444
9984b7beae79d0eb3f15475f9ec1e71063caff4019d5f6ee15ed56a6716c56ae

HTTP Headers

GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pics4world.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 16:20:57 GMT
expires: Fri, 06 Dec 2024 16:20:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:46:12 GMT
content-type: font/woff2
age: 348655
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.40186307618310724&sbid=5647&sbid2=

185.162.85.20

0 B

URL
mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.40186307618310724&sbid=5647&sbid2=
IP
185.162.85.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=18&src=2&p=1138759&st=1177780&wd=479466&d=ptbqre.com&tpl=32&rnd=0.40186307618310724&sbid=5647&sbid2= HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptbqre.com
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 11 Dec 2023 17:11:54 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecrwqu.com/cuclc?aid=4339668677758832229&t=1702314714&s=1072989

185.162.85.2

163 B

URL
ecrwqu.com/cuclc?aid=4339668677758832229&t=1702314714&s=1072989
IP
185.162.85.2:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text - HTML document text - HTML document, ASCII text, with no line terminators
Size
163 B (163 bytes)
Hash
7fb376348555f501a339db32fbaeb9ae
64d83f6aaf0386d5b1cc2627ee3eb39b9955ae89
97afb76871bc6d4d17e50a595582f35422a8fd7bde9c73e8c12656423086ef53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cuclc?aid=4339668677758832229&t=1702314714&s=1072989 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptbqre.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 11 Dec 2023 17:11:54 GMT
content-type: text/html; charset=utf-8
content-length: 163
location: https://ripplestreams4u.xyz/redzonehd.php
X-Firefox-Spdy: h2

lidsaich.net/sftouch?userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf

139.45.197.244

200 OK

2 B

URL POST HTTP/2
lidsaich.net/sftouch?userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://lidsaich.net/4/6003953
Certificate
IssuerLet's Encrypt
Subjectlidsaich.net
Fingerprint01:08:24:46:33:AE:B2:9D:A0:DC:EE:55:B6:B2:84:6A:23:A1:47:0D
ValidityFri, 01 Dec 2023 05:08:36 GMT - Thu, 29 Feb 2024 05:08:35 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf HTTP/1.1
Host: lidsaich.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lidsaich.net
DNT: 1
Connection: keep-alive
Referer: https://lidsaich.net/4/6003953
Cookie: OAID=5949db4cc65c4ec7adca9c7b9275db1a; oaidts=1702314715
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 17:11:55 GMT
content-type: text/plain
content-length: 2
x-trace-id: ce425fdfe0ae59f60f99a4140254c6d7
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://lidsaich.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ilcec2019.com/js/bootstrap.bundle.min.js

172.67.209.180

25 kB

URL
ilcec2019.com/js/bootstrap.bundle.min.js
IP
172.67.209.180:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65299)
Size
25 kB (24588 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: ilcec2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilcec2019.com/File.zip?c=AO_tdmWAMAUAok4CAEVTFwAoAAAAAAC_PK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 17:11:36 GMT
content-type: application/javascript
last-modified: Sun, 02 Oct 2022 10:07:38 GMT
etag: W/"13a70-5ea0a658f0e80"
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XO8K%2BGiNMQU%2BHZnIWDy8kb4B1ShU5fvi7BtroLAeX2fFUtT%2F5Ytu0OEgHyxhMCL0A2RcPBUn%2FFXCF0alJirFURFE8bsEHqjBg7vNNZD9SMO%2BIT%2FxCkFyTCnX3BaBxylw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5900cd240b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lidsaich.net/favicon.ico

139.45.197.244

204 No Content

0 B

URL GET HTTP/2
lidsaich.net/favicon.ico
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://lidsaich.net/4/6003953
Certificate
IssuerLet's Encrypt
Subjectlidsaich.net
Fingerprint01:08:24:46:33:AE:B2:9D:A0:DC:EE:55:B6:B2:84:6A:23:A1:47:0D
ValidityFri, 01 Dec 2023 05:08:36 GMT - Thu, 29 Feb 2024 05:08:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lidsaich.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lidsaich.net/4/6003953
Cookie: OAID=5949db4cc65c4ec7adca9c7b9275db1a; oaidts=1702314715
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 11 Dec 2023 17:11:55 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=merge&userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://lidsaich.net/4/6003953
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
GIF image data, version 89a, 1 x 1 - data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=5949db4cc65c4ec7adca9c7b9275db1a&z=6003953&p_rid=6fe2f09c-e1c8-45d9-9ae3-ff7399e1f850&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lidsaich.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 17:11:55 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5949db4cc65c4ec7adca9c7b9275db1a; expires=Tue, 10 Dec 2024 17:11:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

lidsaich.net/?z=6003953&syncedCookie=true&rhd=false

139.45.197.244

0 B

URL User Request POST
lidsaich.net/?z=6003953&syncedCookie=true&rhd=false
IP
139.45.197.244:0
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectlidsaich.net
Fingerprint01:08:24:46:33:AE:B2:9D:A0:DC:EE:55:B6:B2:84:6A:23:A1:47:0D
ValidityFri, 01 Dec 2023 05:08:36 GMT - Thu, 29 Feb 2024 05:08:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=6003953&syncedCookie=true&rhd=false HTTP/1.1
Host: lidsaich.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 440
Origin: https://lidsaich.net
DNT: 1
Connection: keep-alive
Referer: https://lidsaich.net/afu.php?zoneid=6003953&var=6003953&rid=IUzYL-eT4VvoQwPRHmPGTA%3D%3D&rhd=false
Cookie: OAID=5949db4cc65c4ec7adca9c7b9275db1a; oaidts=1702314715
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Mon, 11 Dec 2023 17:11:55 GMT
content-length: 0
location: http://34.102.137.201/2/PU_NO_SB_DT_KINDRED?source=6003953&geo=NO&device_type=desktop&browser_type=firefox&os=windows&region=03&useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0&language=en&connection_type=broadband&internet_provider=blix group as&carrier=?
x-trace-id: 3f97fffb80a1ebb92495f378f537071a
link: <http://34.102.137.201>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://lidsaich.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=5949db4cc65c4ec7adca9c7b9275db1a; expires=Tue, 10 Dec 2024 17:11:55 GMT; path=/; secure; SameSite=None
oaidts=1702314715; expires=Tue, 10 Dec 2024 17:11:55 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 18 Dec 2023 17:11:55 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

34.102.137.201/2/PU_NO_SB_DT_KINDRED?source=6003953&geo=NO&device_type=desktop&browser_type=firefox&os=windows&region=03&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connection_type=broadband&internet_provider=blix%20group%20as&carrier=?

34.102.137.201

0 B

URL User Request GET
34.102.137.201/2/PU_NO_SB_DT_KINDRED?source=6003953&geo=NO&device_type=desktop&browser_type=firefox&os=windows&region=03&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connection_type=broadband&internet_provider=blix%20group%20as&carrier=?
IP
34.102.137.201:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/PU_NO_SB_DT_KINDRED?source=6003953&geo=NO&device_type=desktop&browser_type=firefox&os=windows&region=03&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&language=en&connection_type=broadband&internet_provider=blix%20group%20as&carrier=? HTTP/1.1
Host: 34.102.137.201
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Dec 2023 17:11:55 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
Via: 1.1 google

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB

13.107.213.53

0 B

URL User Request GET
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 11-Dec-3022 17:11:56 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 03EJ3ZQAAAACyf4/kh1PhRp0U6km1aJT3U1ZHMjBFREdFMDUxMQAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Mon, 11 Dec 2023 17:11:55 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950

85.184.96.28

0 B

URL
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
IP
85.184.96.28:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 11 Dec 2023 17:11:56 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
set-cookie: JSESSIONID=node01w7ik80yx3lt61mbmkbmsbzo695322191.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; Path=/; Domain=.unibet.com; Expires=Wed, 10-Dec-2025 17:11:56 GMT; Max-Age=63072000; Secure
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Wed, 10-Dec-2025 17:11:56 GMT; Max-Age=63072000; Secure
uniattr_ref=; Path=/; Domain=.unibet.com; Expires=Wed, 10-Dec-2025 17:11:56 GMT; Max-Age=63072000; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affiliateId=1; Path=/; Domain=.unibet.com; Secure
B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; Path=/; Domain=.unibet.com; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BID=37950; Path=/; Domain=.unibet.com; Secure
PID=85891437; Path=/; Domain=.unibet.com; Secure
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REFERER=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; Path=/; Domain=.unibet.com; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 11 Dec 2023 17:11:56 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950

85.184.96.28

0 B

URL
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
IP
85.184.96.28:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Mon, 11 Dec 2023 17:11:56 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 11 Dec 2023 17:11:56 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

104.18.43.104

0 B

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Mon, 11 Dec 2023 17:11:56 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 833f5984bfd6b4ee-OSL
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

956 B

URL
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:56 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

104.18.43.104

2.1 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
2.1 kB (2056 bytes)
Hash
ac64b59c98bbe50cf69b6c98fa39585c
0a5cc9fb43b8a208481baaf752dbd504078a764b
28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:56 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 833f59847f80b4ee-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 303304
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

104.18.43.104

1.3 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image - HTML document text - HTML document, ASCII text, with very long lines (3207), with no line terminators
Size
1.3 kB (1281 bytes)
Hash
730e6377072b77d80bca30d96fb63b27
64bf5fa49e24ff2f79ad9152f3ef7bd7baab5ad0
bb461ad12e6f931815042b57a447b64e8d3a06d1576c1f7c79b9c7e5a42a8b34

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:56 GMT
content-type: image/svg+xml
cf-ray: 833f59849fb8b4ee-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 478060
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.42

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:59:32 GMT
expires: Fri, 06 Dec 2024 15:59:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 349945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

142.250.74.106

16 kB

URL
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression - data
Size
16 kB (16275 bytes)
Hash
5a316a2e4cd9af80c7cc5f91fa9f5081
c7e69adc8f8e98ccf72d95ea511e9b157d42e9fe
91adae02c8c6b2671f52435d0f015ac66ccd39cc3450ac2332388c04d9d1615d

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 11 Dec 2023 17:11:57 GMT
date: Mon, 11 Dec 2023 17:11:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

104.18.43.104

98 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3 - data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:57 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 833f598699ebb4ee-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 300755
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.141.13

23 kB

URL
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.141.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (54456), with no line terminators
Size
23 kB (22772 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:57 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 191327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCqifyF4ySPSOAyV9%2BhplTRnvYrrLq6%2F%2Bvw0XNuZMTE%2BxjWDxl1e2ZzN8l9TAqn5bXkjxURN8UIuRDqxvi2I4mSZD5CFGF6Fd0T4qE7Ne285YhFq%2FhI3ULvN3EI0ATSLuxbiMFmn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833f59858da8413c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

104.18.43.104

10 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image - XML 1.0 document text - XML document text - HTML document text - exported SGML document, ASCII text
Size
10 kB (10547 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:56 GMT
content-type: image/svg+xml
cf-ray: 833f5984bfdab4ee-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 471717
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0 - data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:57:09 GMT
expires: Fri, 06 Dec 2024 15:57:09 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 350088
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

104.18.43.104

75 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
104.18.43.104:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image - HTML document text - HTML document, ASCII text, with very long lines (1481), with no line terminators
Size
75 kB (75078 bytes)
Hash
29c87eb58ba8d395124b925a112ab5ac
82dc80de035d36cee22be43d057e223dab5ba80b
758ddcbcbe402aaf16d21ab756daa63b3353b2abf619ca1873a4b6c6b5ac53cf

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:56 GMT
content-type: image/svg+xml
cf-ray: 833f5984afd3b4ee-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 293013
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

67 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (25136)
Size
67 kB (67322 bytes)
Hash
c58e2c63c7843030d144f074d396e7e6
9474cc013374d5e1f8a8eef35bc4b1adbe17fc6a
d5227add56392c60a6d139bc042ff4eda4e650f5e078a07c020f800b3c22562b

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 11 Dec 2023 17:11:57 GMT
expires: Mon, 11 Dec 2023 17:11:57 GMT
cache-control: private, max-age=900
last-modified: Mon, 11 Dec 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 - data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:57:34 GMT
expires: Fri, 06 Dec 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 389663
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0 - data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 21:36:53 GMT
expires: Thu, 05 Dec 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 416104
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

subimagohezekiahunbating.com/b?token=5038d7fbd5500a5127b5f1b78ba9d47724175c79&c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx

172.67.159.83

5.5 kB

URL
subimagohezekiahunbating.com/b?token=5038d7fbd5500a5127b5f1b78ba9d47724175c79&c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx
IP
172.67.159.83:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
5.5 kB (5469 bytes)
Hash
df2db55ff3debd8abde692e23bdbb10b
bc4d001d346dba4c5f451d20cd88eab049163e33
88dbe54996721a437c3c677cca7606cec4a38f788934ca7e9b0bfe84a5e6ca76

HTTP Headers

GET /b?token=5038d7fbd5500a5127b5f1b78ba9d47724175c79&c=AM1Cd2UPFgAAnlkCAE5PFwAMAAAAAAAx HTTP/1.1
Host: subimagohezekiahunbating.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sygox.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 11 Dec 2023 17:11:49 GMT
content-type: text/html; charset=utf-8
location: https://pics4world.com/file.zip?c=ANRCd2UPFgAA51sCAE5PFwAMAAAAAABt
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xB3bUTSWtb3%2BDCKsxJ%2BiUlUPnw8QN7pi5f6WrOYi2%2B1XnNh6wk%2Fz%2FgO4JzeNpYKiqn09jWyjCDl6hFo34Vy3RdVJwmU%2Fhvd41c9MnidMhNzjh0nWSMvSIaNzNGx%2FRHJl4hR3zwhOwBuvyicZ57n7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833f59514c69569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

0.0.0.0

0 B

URL POST
datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
0.0.0.0:0
ASN
#0

Requested by
https://lidsaich.net/4/6003953

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1349
Origin: https://lidsaich.net
DNT: 1
Connection: keep-alive
Referer: https://lidsaich.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

lidsaich.net/4/6003953

139.45.197.244

200 OK

30 kB

URL User Request GET HTTP/2
lidsaich.net/4/6003953
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectlidsaich.net
Fingerprint01:08:24:46:33:AE:B2:9D:A0:DC:EE:55:B6:B2:84:6A:23:A1:47:0D
ValidityFri, 01 Dec 2023 05:08:36 GMT - Thu, 29 Feb 2024 05:08:35 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (18377)
Size
30 kB (30386 bytes)
Hash
5bbb5373d12aab4d95d5441dcfa6898b
eda0943ea2b519b618c8c80167dc0e6a1135441c
8b78d82e0f74de72fcf20fc43346ab62856f50ee142ce7d38c5a3e18f36a8a69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/6003953 HTTP/1.1
Host: lidsaich.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 17:11:55 GMT
content-type: text/html; charset=utf8
x-trace-id: be9890b43a75c18f4822dd0673f92040
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=5949db4cc65c4ec7adca9c7b9275db1a; expires=Tue, 10 Dec 2024 17:11:55 GMT; path=/; secure; SameSite=None
oaidts=1702314715; expires=Tue, 10 Dec 2024 17:11:55 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding, favicon
content-encoding: gzip
X-Firefox-Spdy: h2

www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

0.0.0.0

74 kB

URL GET
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94&bid=37950&campaignId=2799402&pid=85891437
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702314716155)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C202312111711%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210707702311%7c1%22%7d%5d; __ucbt=node01w7ik80yx3lt61mbmkbmsbzo6; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; clientId=polopoly_desktop; btag=320669908_7B9CD80EE5B0423B9A1C7E4E27CA1E94
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 17:11:57 GMT
content-type: application/javascript
last-modified: Mon, 11 Dec 2023 16:08:44 GMT
vary: Accept-Encoding
etag: W/"6577340c-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (85)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP